Mitigating CVE-2017-5638 Apache Struts2 vulnerability


How do I mitigate the Struts 2 malicious Content-Type attack without updating my Java code?

Attack details S2-045.


Solution

  • I would add the '%', '}', and '{' characters to the condition as well, as they are also not valid Content-Type header entries and are present in the PoC exploit payload for this vulnerability.

    RewriteEngine On
    RewriteCond %{HTTP:Content-type} [$\#()%}{]
    # "-" keeps the URL unchanged; F = 403 Forbidden, L = last rule
    RewriteRule . - [F,L]
    

    Sorry if I got the syntax wrong as I have not tested this entry yet.

    P.S. I would even venture to add the '@', '?' and ';' characters, but those may break an application if filtered, as I think they are actually technically allowed; I have just never seen them in a Content-Type header in any of our application implementations.
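As an added check that is not part of this answer, the following Python script applies the same character class as the RewriteCond above to constructed sample Content-Type values, and also shows the P.S. caveat: a stricter class that includes ';' rejects every multipart upload, because ';' always precedes the boundary parameter. Sample headers and the OGNL-shaped marker value are constructed for illustration.

```python
import re

# Same character class as the RewriteCond above; PCRE and Python's re agree
# for this expression: any of $ # ( ) % } { in the header value means 403.
BLOCK_PATTERN = re.compile(r"[$\#()%}{]")

# Stricter variant suggested in the P.S. (assumption for illustration only).
STRICT_PATTERN = re.compile(r"[$\#()%}{@?;]")

def is_blocked(content_type: str, pattern: re.Pattern = BLOCK_PATTERN) -> bool:
    """True if the rewrite rule would answer 403 Forbidden for this header value."""
    return pattern.search(content_type) is not None

# Constructed sample headers (not captured traffic). The last one only
# imitates the bracket/hash shape of an OGNL expression; it does nothing.
SAMPLES = {
    "application/json": False,
    "text/html; charset=utf-8": False,
    "multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxk": False,
    "%{(#placeholder='multipart/form-data')}": True,
}

def evaluate(pattern: re.Pattern = BLOCK_PATTERN) -> dict:
    """Map each sample header to whether the given class blocks it."""
    return {ct: is_blocked(ct, pattern) for ct in SAMPLES}

def strict_breaks_uploads() -> bool:
    """The ';' before 'boundary=' makes the strict class reject legitimate uploads."""
    return is_blocked(
        "multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxk", STRICT_PATTERN
    )

if __name__ == "__main__":
    for ct, blocked in evaluate().items():
        print(f"{'403' if blocked else '200'}  {ct}")
    print("strict class blocks multipart uploads:", strict_breaks_uploads())
```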