HawkScan Test Info for Charset Mismatch

Charset Mismatch

Reference

Plugin Id: 90011 | CWE: 436

Remediation

  1. Standardize charset: Use UTF-8 consistently in both the HTTP Content-Type header and the HTML meta tag or XML declaration.
  2. Align header and content: Ensure the charset declared in the HTTP header matches the charset declared inside the document. Browsers give the HTTP header precedence over an in-document declaration, so a wrong header silently overrides a correct meta tag.
  3. Server configuration: Configure the web server and application framework to always send an explicit charset parameter in the Content-Type header, rather than relying on the browser's default.
  4. Validate encoding: Test with content containing non-ASCII characters and confirm it is actually encoded in, and rendered correctly with, the declared charset.
  5. Remove conflicting declarations: Keep a single declaration per layer (one header, one meta tag or XML declaration) and eliminate any that disagree, so browsers never have to choose between them.

About

Charset mismatch occurs when the character encoding declared in the HTTP Content-Type header differs from the encoding specified in the HTML meta tag or XML declaration. Browsers resolve the conflict by a fixed precedence (byte-order mark, then the HTTP header, then the in-document declaration, then sniffing), so the same bytes may be decoded differently depending on which declarations survive: the header wins in a normal response, but when it is absent or stripped (a proxy, a cached copy, a page saved to disk) the meta tag or content sniffing takes over. The result is inconsistent rendering and, more importantly, a decoding step the server did not anticipate, which is where encoding-based vulnerabilities arise.
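The check below, an added example written for this page rather than HawkScan's own plugin code, does what the remediation steps above ask you to verify and what the precedence described in this section implies: it extracts the charset from the Content-Type header and from the document (meta tag or XML declaration), reports whether they agree after alias normalization, computes which encoding a browser would actually use, and rewrites one response so both layers declare UTF-8. The sample responses are constructed for illustration; the windows-1252 fallback in effective_charset is an assumption standing in for the browser's locale-dependent default.

```python
import codecs
import re

# Constructed sample responses (headers, body bytes); not real scan output.
SAMPLES = {
    "html_mismatch": (
        {"Content-Type": "text/html; charset=ISO-8859-1"},
        b'<!DOCTYPE html><html><head><meta charset="utf-8">'
        b'<title>t</title></head><body>x</body></html>',
    ),
    "html_ok": (
        {"Content-Type": "text/html; charset=utf-8"},
        b'<html><head><meta http-equiv="Content-Type" '
        b'content="text/html; charset=UTF-8"></head><body>x</body></html>',
    ),
    "xml_mismatch": (
        {"Content-Type": "application/xml; charset=utf-8"},
        b'<?xml version="1.0" encoding="ISO-8859-1"?><root/>',
    ),
    "no_header_charset": (
        {"Content-Type": "text/html"},
        b'<html><head><meta charset="windows-1252"></head></html>',
    ),
    "bom_wins": (
        {"Content-Type": "text/html; charset=ISO-8859-1"},
        codecs.BOM_UTF8 + b'<html><head><meta charset="utf-8"></head></html>',
    ),
}

_CT_CHARSET = re.compile(r';\s*charset\s*=\s*"?([A-Za-z0-9._:-]+)"?', re.I)
_META_CHARSET = re.compile(
    rb'<meta\s+[^>]*?charset\s*=\s*["\']?\s*([A-Za-z0-9._:-]+)', re.I)
_XML_DECL = re.compile(
    rb'^\s*<\?xml\s[^>]*?encoding\s*=\s*["\']([A-Za-z0-9._:-]+)["\']', re.I)


def header_charset(headers):
    """Charset parameter of the Content-Type header, or None if absent."""
    ct = next((v for k, v in headers.items() if k.lower() == "content-type"), "")
    m = _CT_CHARSET.search(ct)
    return m.group(1) if m else None


def body_charset(body):
    """Charset declared inside the document, or None. Only the first 1024
    bytes are inspected, the window browsers prescan for a <meta> charset."""
    head = body[:1024]
    m = _XML_DECL.match(head) or _META_CHARSET.search(head)
    return m.group(1).decode("ascii") if m else None


def canonical(name):
    """Map aliases (utf8/UTF-8, latin-1/ISO-8859-1) to one name via Python's
    codec registry; unknown names are compared lowercased."""
    if name is None:
        return None
    try:
        return codecs.lookup(name).name
    except LookupError:
        return name.lower()


def check(headers, body):
    """Classify a response: 'ok', 'mismatch', 'no-header-charset',
    'no-body-declaration' or 'undeclared'. Returns (finding, header, body)."""
    h, b = header_charset(headers), body_charset(body)
    if h is None and b is None:
        return "undeclared", h, b
    if h is None:
        return "no-header-charset", h, b
    if b is None:
        return "no-body-declaration", h, b
    return ("ok" if canonical(h) == canonical(b) else "mismatch"), h, b


def effective_charset(headers, body):
    """Encoding a browser commits to, in spec precedence: byte-order mark,
    then transport (header) charset, then in-document declaration, then a
    default (windows-1252 assumed here; the real default is locale-dependent)."""
    if body.startswith(codecs.BOM_UTF8):
        return "utf-8"
    if body.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return "utf-16"
    return canonical(header_charset(headers) or body_charset(body) or "windows-1252")


def normalize_to_utf8(headers, body):
    """Remediation applied to one response: decode with the encoding the
    body is really in, rewrite its declaration to UTF-8, re-encode, and set
    the header to match. In production fix the template and server config
    instead of rewriting responses on the fly."""
    src = body_charset(body) or header_charset(headers) or "utf-8"
    text = body.decode(src)
    text = re.sub(r'(charset\s*=\s*["\']?)[A-Za-z0-9._:-]+', r'\1utf-8', text, flags=re.I)
    text = re.sub(r'(<\?xml[^>]*?encoding\s*=\s*["\'])[A-Za-z0-9._:-]+', r'\1UTF-8',
                  text, flags=re.I)
    ct = next((v for k, v in headers.items() if k.lower() == "content-type"), "text/html")
    new_headers = {k: v for k, v in headers.items() if k.lower() != "content-type"}
    new_headers["Content-Type"] = ct.split(";")[0].strip() + "; charset=utf-8"
    return new_headers, text.encode("utf-8")


if __name__ == "__main__":
    for name, (hdrs, data) in SAMPLES.items():
        finding, h, b = check(hdrs, data)
        print(f"{name:18} header={h!s:12} body={b!s:12} -> {finding}"
              f" (browser decodes as {effective_charset(hdrs, data)})")
```

The bom_wins sample is the caveat worth remembering: a UTF-8 byte-order mark beats both declarations, so a scanner comparing only header and meta tag reports a mismatch while the browser already decodes the page as UTF-8; after normalize_to_utf8 all three agree. Run it against real responses by feeding the header dict and raw body from your HTTP client of choice.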

Risks

Medium: Charset mismatches can enable content-sniffing attacks and character encoding confusion. The security-relevant case is XSS through encoding manipulation: server-side output encoding and filters operate on the bytes as the application understands them, but the browser decodes those bytes with whichever encoding wins the precedence rules, so a byte sequence that is harmless in one encoding can decode to markup such as a script tag in another (the historical UTF-7 attacks against older browsers are the best-known instance). Mismatches also cause inconsistent content rendering across browsers and delivery paths.