Validate file mime type in AttachmentCreator soap web service [New in Security Center 1.3 and updated in 1.5]

The glide.attachment.enforce_security_validation property determines whether Multipurpose internet Mail Extensions (MIME) files undergo validation.

If glide.attachment.enforce_security_validation is not set to the recommended value of true, then there is no validation for MIME files, enabling malicious files to be uploaded with incorrect file extensions. When this property is set to true, files are uploaded with the correct file type extension.

More information

AttributeDescription
Configuration name glide.attachment.enforce_security_validation
Configuration type System Properties (/sys_properties_list.do)
Data type Boolean
Recommended value true
Default value true
Category File and resources
Security risk
  • Severity score: 7.5
  • CVSS score: High
  • Security risk details: If the property is set to false, there’s no validation for MIME files during uploads. This could enable malicious files to be disguised by changing their file extension.
Dependencies and prerequisites None
References https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types/Common_types
Functional impact Set this hardening setting to true to run mime-type and file extension validations on uploaded file attachments. No validations are run if this property is set to false. This property is set to true by default.