I am getting too many false positives of the "Content type incorrectly stated" vulnerability all the time. My last occurrence is:
'''The response states that the content type is font/x-woff. However, it actually appears to contain unrecognized content.'''
The response starts with wOFF and some binary stuff follows. When I issue the "file" command on that, it says: Web Open Font Format, TrueType, length 83760, version 1.0
What method do you use to determine the response type?
Hi Chris, Would you be able to send the generated report of one of those reported vulnerabilities to firstname.lastname@example.org?
Looking at your specified content type, ‘font/x-woff’ is non-standard (https://www.iana.org/assignments/media-types/media-types.xhtml#font). This could be why Burp is flagging it as an ‘incorrect’ MIME type.
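As an added example (not code from the original thread, and not how Burp Suite itself implements the check), here is a small sniffer that parses the WOFF/WOFF2 header and compares what it finds with the declared Content-Type. It treats the IANA-registered font/woff and font/woff2 as a match, and reports legacy labels such as font/x-woff separately from a genuine mismatch, so a scanner built on this logic would still tell you the label is non-standard without claiming the content is unrecognised. The list of legacy labels and the sample WOFF body (a TrueType-flavoured header zero-padded to 83760 bytes, mirroring the figures from the post) are constructed assumptions for this example.

```python
import struct

# Magic numbers from the W3C WOFF 1.0 and WOFF 2.0 specifications.
WOFF_SIG = b"wOFF"
WOFF2_SIG = b"wOF2"

# sfnt "flavor" values carried in the WOFF header (what "file" reports as TrueType etc.).
FLAVORS = {
    0x00010000: "TrueType",
    0x4F54544F: "CFF (OTTO)",
    0x74727565: "TrueType (Apple 'true')",
}

# IANA-registered media types (RFC 8081) and legacy, non-standard labels that
# were common before registration. Assumption: this particular legacy list.
CANONICAL = {"font/woff": "woff", "font/woff2": "woff2"}
LEGACY = {
    "application/font-woff": "woff",
    "application/x-font-woff": "woff",
    "font/x-woff": "woff",
}


def sniff_woff(body: bytes):
    """Parse a WOFF/WOFF2 header; return a dict describing it, or None if unrecognised."""
    if body[:4] == WOFF_SIG and len(body) >= 24:
        (_, flavor, length, num_tables, reserved,
         _sfnt_size, major, minor) = struct.unpack(">4sIIHHIHH", body[:24])
        kind = "woff"
    elif body[:4] == WOFF2_SIG and len(body) >= 28:
        (_, flavor, length, num_tables, reserved,
         _sfnt_size, _compressed, major, minor) = struct.unpack(">4sIIHHIIHH", body[:28])
        kind = "woff2"
    else:
        return None
    return {
        "kind": kind,
        "flavor": FLAVORS.get(flavor, "unknown (0x%08x)" % flavor),
        "num_tables": num_tables,
        "version": "%d.%d" % (major, minor),
        # The header's length field must equal the real file size and the
        # reserved field must be zero; otherwise the body is truncated,
        # padded or carries a forged header.
        "length_ok": length == len(body) and reserved == 0,
    }


def check_content_type(content_type: str, body: bytes) -> dict:
    """Compare the declared Content-Type (parameters ignored) with the sniffed format."""
    declared = content_type.split(";")[0].strip().lower()
    sniffed = sniff_woff(body)
    if sniffed is None:
        verdict = "unrecognized"          # cannot confirm; this is the case Burp reported
    elif CANONICAL.get(declared) == sniffed["kind"]:
        verdict = "match"
    elif LEGACY.get(declared) == sniffed["kind"]:
        verdict = "legacy"                # content is a font, label is non-standard
    else:
        verdict = "mismatch"
    return {"declared": declared, "sniffed": sniffed, "verdict": verdict}


def build_sample_woff(total_length: int = 83760, num_tables: int = 12) -> bytes:
    """Constructed sample: a WOFF 1.0 header for a TrueType font, zero-padded to total_length."""
    header = WOFF_SIG + struct.pack(">IIHHIHH", 0x00010000, total_length, num_tables, 0, 0, 1, 0)
    return header + b"\0" * (total_length - len(header))


if __name__ == "__main__":
    body = build_sample_woff()
    for ct in ("font/x-woff", "font/woff", "text/html; charset=utf-8"):
        print(ct, "->", check_content_type(ct, body)["verdict"])
    print("font/woff on HTML ->", check_content_type("font/woff", b"<html>")["verdict"])
```

Note that a body with a valid wOFF signature but a length field that does not match the actual size is reported with length_ok set to False, which is worth surfacing separately from the MIME label question.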