You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
application/x-x509-ca-cert is the default response from our Spring-Boot application when there is an error like 404 and it was trying to get a cert file that doesn't exist: https://example.com/key.pem
4.2.1.1. CA Certificate Response Message Format
If the CA does not have any intermediate CA certificates, the response consists of a single X.509 CA certificate. The response will have a Content-Type of "application/x-x509-ca-cert".
"Content-Type: application/x-x509-ca-cert"
Steps to reproduce the behavior
Create spring-boot application
Scan a GET endpoint with ZAP, which will try with /key.pem
The report will have the "Unexpected Content-Type was returned" finding with application/x-x509-ca-cert
Screenshots
The text was updated successfully, but these errors were encountered:
Similar to #8226
application/x-x509-ca-cert
is the default response from our Spring-Boot application when there is an error like 404 and it was trying to get a cert file that doesn't exist: https://example.com/key.pemBut it is a valid response type when looking at https://www.iana.org/assignments/media-types/application/x-x509-ca-cert and https://datatracker.ietf.org/doc/html/rfc5280
Steps to reproduce the behavior
Screenshots
The text was updated successfully, but these errors were encountered: