This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Hardik_Patil_66
Explorer
‎2023-03-02 01:46 AM

How to mitigate the below Vulnerability

Dear Team,

 

Missing useful HTTP headers :- Cache-control is an HTTP header used to specify browser caching policies in both client requests and server responses. Policies include how a resource is cached, where it’s cached and its maximum age
before expiring (i.e., time to live).

Using known vulnerable components :- Application is using vulnerable JavaScript libraries. One or more vulnerabilities were reported for this version of the library.

Please help us with the solution to mitigate the same. 

0 Kudos
4 Replies
Sorin_Gogean
Advisor
‎2023-03-02 02:25 AM

Hello, 

Is the error/vulnerability clear for you "Missing useful HTTP headers :- Cache-control is an HTTP header used to specify browser caching policies in both client requests and server responses."  ?
On the WebServer you're addressing, seems that you don't have configured "Cache-control" headers.

(go over this and maybe you'll get them clarified)

Can you get us a screenshot of the Log where you see this...

Thank you,

0 Kudos
PhoneBoy
Admin
Admin
‎2023-03-02 12:08 PM

Please provide more details about the environment and precisely what Check Point products involved (including version/JHF levels) and how.

0 Kudos
Hardik_Patil_66
Explorer
‎2023-03-08 11:33 PM
In response to PhoneBoy

We are having cluster setup on version R81.10 with jumbo hotfix take 79.

0 Kudos
PhoneBoy
Admin
Admin
‎2023-03-09 10:27 AM
In response to Hardik_Patil_66

Still need more information:

  • Who or what exactly is reporting this vulnerability? 
  • What precisely is being scanned? Is it the gateway itself, a device that it's protecting, or something else? What precise tCP ports are being scanned to make this "vulnerable" determination?
  • Please provide an external reference to said vulnerability (e.g. a CVE # or similar) so we can understand the exact nature of it.

If you don't want to post this information publicly, I suggest opening a TAC case.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events