https://community.checkpoint.com/t5/General-Topics/How-to-mitigate-the-below-Vulnerability/m-p/173318#M28929 <P>Dear Team,</P><P>&nbsp;</P><P>Missing useful HTTP headers :-&nbsp;Cache-control is an HTTP header used to specify browser caching policies in both client requests and server responses. Policies include how a resource is cached, where it’s cached and its maximum age<BR />before expiring (i.e., time to live).</P><P>Using known vulnerable components :-&nbsp;Application is using vulnerable JavaScript libraries. One or more vulnerabilities were reported for this version of the library.</P><P>Please help us with the solution to mitigate the same.&nbsp;</P> Thu, 02 Mar 2023 09:46:13 GMT Hardik_Patil_66 2023-03-02T09:46:13Z https://community.checkpoint.com/t5/General-Topics/How-to-mitigate-the-below-Vulnerability/m-p/173318#M28929 <P>Dear Team,</P><P>&nbsp;</P><P>Missing useful HTTP headers :-&nbsp;Cache-control is an HTTP header used to specify browser caching policies in both client requests and server responses. Policies include how a resource is cached, where it’s cached and its maximum age<BR />before expiring (i.e., time to live).</P><P>Using known vulnerable components :-&nbsp;Application is using vulnerable JavaScript libraries. One or more vulnerabilities were reported for this version of the library.</P><P>Please help us with the solution to mitigate the same.&nbsp;</P> Thu, 02 Mar 2023 09:46:13 GMT https://community.checkpoint.com/t5/General-Topics/How-to-mitigate-the-below-Vulnerability/m-p/173318#M28929 Hardik_Patil_66 2023-03-02T09:46:13Z https://community.checkpoint.com/t5/General-Topics/How-to-mitigate-the-below-Vulnerability/m-p/173324#M28930 <P>Hello,&nbsp;<BR /><BR />Is the error/vulnerability clear for you "<SPAN>Missing useful HTTP headers :-&nbsp;Cache-control is an HTTP header used to specify browser caching policies in both client requests and server responses.</SPAN>"&nbsp; ?<BR />On the WebServer you're addressing, seems that you don't have configured "Cache-control" headers.</P> <P>(<A href="https://infinitelogins.com/2022/03/04/missing-security-http-headers-we-should-call-out/" target="_self">go over this</A> and maybe you'll get them clarified)</P> <P>Can you get us a screenshot of the Log where you see this...<BR /><BR />Thank you,</P> Thu, 02 Mar 2023 10:26:34 GMT https://community.checkpoint.com/t5/General-Topics/How-to-mitigate-the-below-Vulnerability/m-p/173324#M28930 Sorin_Gogean 2023-03-02T10:26:34Z https://community.checkpoint.com/t5/General-Topics/How-to-mitigate-the-below-Vulnerability/m-p/173405#M28944 <P>Please provide more details about the environment and precisely what Check Point products involved (including version/JHF levels) and how.</P> Thu, 02 Mar 2023 20:08:27 GMT https://community.checkpoint.com/t5/General-Topics/How-to-mitigate-the-below-Vulnerability/m-p/173405#M28944 PhoneBoy 2023-03-02T20:08:27Z https://community.checkpoint.com/t5/General-Topics/How-to-mitigate-the-below-Vulnerability/m-p/174167#M29087 <P>We are having cluster setup on version R81.10 with jumbo hotfix take 79.</P> Thu, 09 Mar 2023 07:33:37 GMT https://community.checkpoint.com/t5/General-Topics/How-to-mitigate-the-below-Vulnerability/m-p/174167#M29087 Hardik_Patil_66 2023-03-09T07:33:37Z https://community.checkpoint.com/t5/General-Topics/How-to-mitigate-the-below-Vulnerability/m-p/174278#M29117 <P>Still need more information:</P> <UL> <LI>Who or what exactly is reporting this vulnerability?&nbsp;</LI> <LI>What precisely is being scanned? Is it the gateway itself, a device that it's protecting, or something else? What precise tCP ports are being scanned to make this "vulnerable" determination?</LI> <LI>Please provide an external reference to said vulnerability (e.g. a CVE # or similar) so we can understand the exact nature of it.</LI> </UL> <P>If you don't want to post this information publicly, I suggest opening a TAC case.</P> Thu, 09 Mar 2023 18:27:50 GMT https://community.checkpoint.com/t5/General-Topics/How-to-mitigate-the-below-Vulnerability/m-p/174278#M29117 PhoneBoy 2023-03-09T18:27:50Z