Config Files Accept Header Wildcard
Description
Detects XML configuration files in which an HTTP Accept header is set to the wildcard value (*/*), which accepts any content type. This overly permissive configuration can enable content type spoofing and may lead to security bypasses or injection vulnerabilities.
Detection Strategy
• Search for <stringProp> elements in XML configuration files
• Check if element contains header configuration with Accept header field
• Verify if Accept header value contains wildcard (*/*)
• Validate structural context by checking sibling elements
• Report vulnerability if wildcard Accept header is found in valid configuration context
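The detection steps above as a runnable checker. This is an added example, not Fluid Attacks' own detector; the sample XML is constructed here and follows the elementProp/stringProp layout shown on this page (the layout JMeter HeaderManager test plans use), and it also flags an Accept value that lists */* among other media types.

```python
import xml.etree.ElementTree as ET

# Constructed sample: one wildcard Accept header, one explicit Accept header,
# and a wildcard on a different header that must not be reported.
SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<jmeterTestPlan>
  <collectionProp name="HeaderManager.headers">
    <elementProp name="" elementType="Header">
      <stringProp name="Header.name">Accept</stringProp>
      <stringProp name="Header.value">*/*</stringProp>
    </elementProp>
    <elementProp name="" elementType="Header">
      <stringProp name="Header.name">Accept</stringProp>
      <stringProp name="Header.value">application/json, text/html</stringProp>
    </elementProp>
    <elementProp name="" elementType="Header">
      <stringProp name="Header.name">Content-Type</stringProp>
      <stringProp name="Header.value">*/*</stringProp>
    </elementProp>
  </collectionProp>
</jmeterTestPlan>
"""

def find_wildcard_accept(xml_text):
    """Return (position, value) for each Header elementProp whose Accept value
    admits any content type. Position is the 1-based index of the elementProp
    in document order."""
    root = ET.fromstring(xml_text)
    findings = []
    for idx, header in enumerate(root.iter("elementProp"), start=1):
        # Structural context: only elements declared as HTTP headers matter.
        if header.get("elementType") != "Header":
            continue
        # Sibling stringProp elements carry the header name and value.
        props = {p.get("name"): (p.text or "").strip()
                 for p in header.findall("stringProp")}
        if props.get("Header.name", "").lower() != "accept":
            continue
        value = props.get("Header.value", "")
        # Split the Accept list into media ranges, dropping q= parameters;
        # a */* range anywhere in the list still admits any content type.
        ranges = [r.split(";")[0].strip() for r in value.split(",")]
        if "*/*" in ranges:
            findings.append((idx, value))
    return findings

if __name__ == "__main__":
    for idx, value in find_wildcard_accept(SAMPLE_XML):
        print(f"elementProp #{idx}: wildcard Accept header {value!r}")
```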
Vulnerable code example
<elementProp name="" elementType="Header">
<stringProp name="Header.name">Accept</stringProp>
<stringProp name="Header.value">*/*</stringProp> <!-- Vulnerable: overly permissive Accept header allows any content type -->
</elementProp>
Secure code example
<elementProp name="" elementType="Header">
<stringProp name="Header.name">Accept</stringProp>
<stringProp name="Header.value">application/json, text/html</stringProp> <!-- Secure: explicitly lists only the required content types -->
</elementProp>