Java Accept Header Wildcard Mime
Description
Detects Java code that sets the HTTP Accept request header to a wildcard MIME type such as */*. The Accept header tells the server which response content types the client is willing to process; a wildcard announces that any type is acceptable, so the server is free to return a representation (HTML, XML, a binary format) that the client did not expect. If the client then renders or parses that body without checking the response Content-Type, the unexpected content can lead to vulnerabilities such as XSS (when the body is rendered) or injection into a parser written for a different format.
Detection Strategy
• Identifies HTTP header configurations that set Accept headers
• Checks if the Accept header value contains wildcard MIME types (e.g. */*)
• Reports a vulnerability when a header is configured to accept any MIME type without restrictions
• Focuses on Header class usage where content type restrictions are too permissive
Vulnerable code example
import org.apache.http.Header;
import org.apache.http.message.BasicHeader;
import javax.servlet.http.HttpServlet;

public class VulnerableHeaderExample extends HttpServlet {
    // SECURITY ISSUE: a wildcard "*/*" Accept header tells the server that this
    // client will process whatever response content type the server chooses to send.
    // (org.apache.http.Header is an interface; BasicHeader is its concrete implementation.)
    Header myHeader = new BasicHeader("Accept", "*/*");
}

✅ Secure code example
import org.apache.http.Header;
import org.apache.http.message.BasicHeader;
import javax.servlet.http.HttpServlet;

public class SecureHeaderExample extends HttpServlet {
    // Name the one representation this client can handle, so the server either
    // returns that type or answers 406 Not Acceptable instead of an unexpected format.
    Header myHeader = new BasicHeader("Accept", "text/html");
}
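The secure example above only fixes the request side; servers are not obliged to honour Accept, so a client should also verify the Content-Type of what actually came back. The following is an added example, not code from the original page or from Fluid Attacks' rule. It assumes Apache HttpClient 4.3 or later and a hypothetical endpoint URL supplied by the caller. It rejects a wildcard Accept value before sending (the check described in the detection strategy above, generalised to partial wildcards such as text/*), handles a 406 reply, and refuses to parse a body whose Content-Type does not match the requested type.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Locale;

import org.apache.http.HttpEntity;
import org.apache.http.HttpStatus;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.entity.ContentType;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicHeader;
import org.apache.http.util.EntityUtils;

// Added example (not from the original page). Assumes Apache HttpClient 4.3+.
public class StrictAcceptClient {

    // Returns true if any media range in an Accept value is a wildcard,
    // e.g. "*/*", "text/*" or "application/json, */*;q=0.1".
    // This is the same condition the detection strategy on this page looks for,
    // extended to partial wildcards.
    static boolean hasWildcardMediaRange(String acceptValue) {
        for (String range : acceptValue.split(",")) {
            // Drop parameters such as ";q=0.8" and keep only type/subtype.
            String mediaType = range.split(";", 2)[0].trim();
            if (mediaType.contains("*")) {
                return true;
            }
        }
        return false;
    }

    // Fetches a resource and returns its body only if the server actually
    // returned the single media type this caller knows how to process.
    public static String fetch(String url, String expectedMime) throws IOException {
        if (hasWildcardMediaRange(expectedMime)) {
            throw new IllegalArgumentException("Accept value must be a concrete media type: " + expectedMime);
        }
        String expected = expectedMime.toLowerCase(Locale.ROOT);

        HttpGet request = new HttpGet(url);
        request.setHeader(new BasicHeader("Accept", expected));

        try (CloseableHttpClient client = HttpClients.createDefault();
             CloseableHttpResponse response = client.execute(request)) {

            int status = response.getStatusLine().getStatusCode();
            // A server that cannot produce the requested type should answer 406.
            if (status == HttpStatus.SC_NOT_ACCEPTABLE) {
                throw new IOException("Server cannot produce " + expected);
            }
            if (status != HttpStatus.SC_OK) {
                throw new IOException("Unexpected HTTP status " + status);
            }

            HttpEntity entity = response.getEntity();
            // Verify what came back before handing the body to any parser or renderer.
            ContentType contentType = ContentType.get(entity);
            String actual = contentType == null
                    ? null
                    : contentType.getMimeType().toLowerCase(Locale.ROOT);
            if (!expected.equals(actual)) {
                EntityUtils.consume(entity); // release the connection without parsing the body
                throw new IOException("Refusing to process response with Content-Type " + actual);
            }
            return EntityUtils.toString(entity, StandardCharsets.UTF_8);
        }
    }

    public static void main(String[] args) throws IOException {
        // Hypothetical endpoint used for illustration; replace with a real URL to run.
        System.out.println(fetch("https://api.example.com/v1/status", "application/json"));
    }
}
```

The response-side check is the part a scanner cannot see: even with a concrete Accept value, a misconfigured or compromised server can still answer with a different type, and the comparison on Content-Type is what keeps that body away from the wrong parser.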