Security Notification # CSAL63

Advisory Title: HTTP Missing Headers

Document ID: TAS/PRD/GEN/SN-CSAL#63
Document Name: Security Notification # CSAL63
Doc. Rev.: 0

Publication Date: 15-Jan-24
Incident Source: CSAL63
CVE / Vulnerability Reference: OWASP (A6)
Last Update: 06-Feb-24
Reported By: Valency Networks Testing Agency
Advisory ID#: Posting Not Started Yet
Current Version: WP500 FW 0.6.6
CVSS Score: 7

Vulnerability Description

The following HTTP security headers are missing from the device's web responses: Content-Security-Policy (CSP), X-Frame-Options, Strict-Transport-Security (HSTS), X-Content-Type-Options.

Impact

Missing HTTP security headers such as Content-Security-Policy (CSP), X-Frame-Options, Strict-Transport-Security (HSTS), and X-Content-Type-Options expose a website to risks including cross-site scripting (XSS), clickjacking, SSL stripping attacks, and MIME-type confusion attacks. To mitigate these vulnerabilities, these headers must be configured on the web server so that the browser enforces the corresponding protections for both the server and its users.
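As an added example that is not part of this notification, the following Python script parses a raw HTTP/1.1 response and reports which of the four headers named above are missing or carry a weak value; the two sample responses in it are constructed for illustration, not captured from the device.

```python
# Added example (not from the notification): parse a raw HTTP/1.1 response
# and report which of the four headers named above are missing or weak.

REQUIRED = ("content-security-policy", "x-frame-options",
            "strict-transport-security", "x-content-type-options")

def parse_headers(raw):
    """Return a lower-cased header map from the header block of a raw response."""
    headers = {}
    for line in raw.split("\r\n")[1:]:   # [0] is the status line
        if not line:                      # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def check_security_headers(raw):
    """Return a list of findings; an empty list means all four headers pass."""
    h = parse_headers(raw)
    findings = [f"missing: {name}" for name in REQUIRED if name not in h]
    # Value checks apply only to headers that are present.
    if "x-content-type-options" in h and h["x-content-type-options"].lower() != "nosniff":
        findings.append("weak: x-content-type-options must be 'nosniff'")
    if "x-frame-options" in h and h["x-frame-options"].upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("weak: x-frame-options must be DENY or SAMEORIGIN")
    hsts = h.get("strict-transport-security", "").lower()
    if hsts and "max-age=" not in hsts:
        findings.append("weak: strict-transport-security lacks max-age")
    return findings

# Constructed sample: a response with none of the four headers set.
VULNERABLE = ("HTTP/1.1 200 OK\r\n"
              "Content-Type: text/html\r\n"
              "\r\n"
              "<html>...</html>")

# Constructed sample: the same response with all four headers set.
FIXED = ("HTTP/1.1 200 OK\r\n"
         "Content-Type: text/html\r\n"
         "Content-Security-Policy: default-src 'self'\r\n"
         "X-Frame-Options: DENY\r\n"
         "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
         "X-Content-Type-Options: nosniff\r\n"
         "\r\n"
         "<html>...</html>")

if __name__ == "__main__":
    for label, resp in (("vulnerable", VULNERABLE), ("fixed", FIXED)):
        print(label, check_security_headers(resp) or ["ok"])
```

The same check can be run against a live response by feeding it the decoded bytes returned by the device after the firmware update.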

Affected products

WP500 Firmware version 0.65

Temporary Fix / Mitigation

Please update to firmware version 0.6.6.

Acknowledgment

Valency Networks, Pune

History

NA

Classification of Vulnerability