DerScanner
Home / Vulnerability Database / Python : X-Content-Type-Options: nosniff header disabled
Python

Python : X-Content-Type-Options: nosniff header disabled

Classification

OWASP Top 10 2013
A5-Security Misconfiguration
OWASP Top 10 2017
A6-Security Misconfiguration
OWASP Top 10 2021
A5-Security Misconfiguration
OWASP ASVS
Configuration
CWE
CWE-1031

Overview

The application explicitly disables the X-Content-Type-Options security header.

MIME sniffing is the practice of inspecting the content of a byte stream to attempt to deduce the file format of the data within it.

If MIME sniffing is not explicitly disabled, some browsers may misinterpret the data, which can lead to cross-site scripting attacks.

References

  1. SECURE_CONTENT_TYPE_NOSNIFF
  2. Content sniffing
  3. OWASP Top 10 2017-A6-Security Misconfiguration
  4. CWE CATEGORY: OWASP Top Ten 2017 Category A5 - Broken Access Control
MEDIUM

DerScanner Severity Score

Do you want to fix Python : X-Content-Type-Options: nosniff header disabled in your application?

See also

Python

Python : Debug mode on

Python

Python : Web3: Deprecated method

Python

Python : Unsafe padding