
Vulnerability
The Content-Type header indicates the media type of a resource. The server sends it to tell the client what kind of data to expect.
Many web applications do not set a Content-Type header value. This value informs the browser what kind of data to expect. If the header is missing, the browser may handle the data incorrectly. This could lead to security problems such as man-in-the-middle attacks.
Example
The following are examples of Content-Type header values.
Content-Type: text/html; charset=utf-8
Content-Type: multipart/form-data; boundary=something
Impact
The impact includes:
- Man-in-the-middle attacks
Mitigation / Precaution
Beagle recommends the following fixes:
- Make sure to add a Content-Type header value.
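One way to apply this fix in a Python WSGI application, as an added example that is not Beagle's own code: middleware that records every response sent without a Content-Type value and gives it a fallback. The class and function names, the sample app and the `application/octet-stream` fallback are assumptions made for illustration.

```python
from wsgiref.util import setup_testing_defaults

NO_BODY_STATUSES = {"204", "304"}  # no body, so no Content-Type expected
# Assumption: an unlabelled body is served as opaque bytes, never rendered.
FALLBACK_TYPE = "application/octet-stream"


class EnforceContentType:
    """WSGI middleware: record and repair responses that lack Content-Type."""

    def __init__(self, app):
        self.app = app
        self.findings = []  # (path, status code) of each repaired response

    def __call__(self, environ, start_response):
        def checked_start(status, headers, exc_info=None):
            code = status.split(" ", 1)[0]
            has_type = any(n.lower() == "content-type" and v.strip() for n, v in headers)
            if not has_type and code not in NO_BODY_STATUSES:
                # Drop an empty Content-Type header, then add the fallback.
                headers = [(n, v) for n, v in headers if n.lower() != "content-type"]
                headers.append(("Content-Type", FALLBACK_TYPE))
                self.findings.append((environ.get("PATH_INFO", ""), code))
            return start_response(status, headers, exc_info)

        return self.app(environ, checked_start)


def demo_app(environ, start_response):
    """Constructed sample app: /good sets the header, anything else forgets it."""
    if environ["PATH_INFO"] == "/good":
        start_response("200 OK", [("Content-Type", "text/html; charset=utf-8")])
    else:
        start_response("200 OK", [("Content-Length", "5")])
    return [b"hello"]


def run_once(app, path):
    """Send one constructed request through `app`; return its response headers."""
    environ = {"PATH_INFO": path}
    setup_testing_defaults(environ)  # fills in the rest of a valid WSGI environ
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured.update(headers)

    b"".join(app(environ, start_response))
    return captured
```

The `findings` list gives the routes that need a proper Content-Type set in the application itself; the fallback only keeps an unlabelled body from being interpreted until that is done.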





