Findings

Malformed media type

Updated: June 19, 2025

Description

Severity: Medium

Media type name is malformed.

A malformed media type name typically indicates an error in the format of a MIME (Multipurpose Internet Mail Extensions) type, the type/subtype identifier used to label content types in web communication. Common issues include syntax errors, unsupported or improperly encoded media types, and discrepancies between the specified type and what the system or API expects. Resolving such errors often involves verifying the format, ensuring compatibility with the system or API specification, and addressing any encoding or configuration issue that affects how the media type is interpreted.

Example Attack

Content Sniffing Vulnerability: Browsers sometimes perform content sniffing (also known as MIME sniffing) to determine the type of content when the MIME type is not explicitly specified or is malformed. If a malicious user can control or manipulate the malformed MIME type so that the browser interprets the content as a different, potentially dangerous type (such as executing JavaScript in what is supposed to be a plain text file), it could lead to cross-site scripting (XSS) attacks.

Remediation

Use the correct IANA-registered format for MIME types.
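One way to enforce this before a response is sent or a request is accepted, as an added example that is not part of the original page or the product it documents: a validator for a `Content-Type` value that checks the type/subtype syntax (RFC 6838 names, RFC 9110 parameters) and the top-level type. The names `check_media_type`, `TOP_LEVEL` and the sample values are assumptions made for illustration; checking the subtype against the full IANA registry is out of scope here.

```python
import re

# Top-level types in the IANA media types registry.
TOP_LEVEL = {"application", "audio", "example", "font", "haptics", "image",
             "message", "model", "multipart", "text", "video"}

# RFC 6838 restricted-name: starts with a letter or digit, at most 127 characters.
NAME = r"[A-Za-z0-9][A-Za-z0-9!#$&^_.+-]{0,126}"
# RFC 9110 token and a slightly simplified quoted-string for parameter values.
TOKEN = r"[A-Za-z0-9!#$%&'*+.^_`|~-]+"
QUOTED = r'"(?:[^"\\\x00-\x08\x0a-\x1f\x7f]|\\[\t -~])*"'
MEDIA_TYPE = re.compile(
    rf"({NAME})/({NAME})(?:[ \t]*;[ \t]*(?:{TOKEN}=(?:{TOKEN}|{QUOTED}))?)*"
)


def check_media_type(value):
    """Return (ok, detail) for a Content-Type header value.

    detail is the normalized type/subtype on success, or the reason on failure.
    """
    if not isinstance(value, str) or not value.strip(" \t"):
        return False, "missing"
    m = MEDIA_TYPE.fullmatch(value.strip(" \t"))
    if m is None:
        return False, "malformed"
    top, sub = m.group(1).lower(), m.group(2).lower()
    if top not in TOP_LEVEL:
        return False, "unregistered top-level type"
    return True, f"{top}/{sub}"


if __name__ == "__main__":
    # Constructed sample header values, not taken from real traffic.
    samples = [
        "text/html; charset=utf-8",
        'multipart/form-data; boundary="a;b"',
        "text",                    # no subtype
        "text/html, text/plain",   # two values in one header
        "txt/plain",               # well-formed but not a registered top-level type
    ]
    for s in samples:
        print(repr(s), "->", check_media_type(s))
```

A value that fails this check is one a browser may fall back to sniffing for, so reject or correct it on the server side instead of passing it through.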
