Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Web Cache Poisoning - Vulnerability Database

Web Cache Poisoning

Description

This web application is using a caching system. By manipulating specific unkeyed inputs (headers or cookies that are not included when generating the cache key) it was possible to force the caching system to cache a response that contains user-controlled input. This cached response can be later served to a victim resulting in various vulnerabilities.

Remediation

Use the HTTP response header <strong>Vary</strong> to key unkeyed inputs and protect against web cache poisoning. Where possible, avoiding accepting input from HTTP request headers and cookies.

References

Practical Web Cache Poisoning
Vary HTTP response header

Related Vulnerabilities

Trace.axd Detected High
Common tags: Configuration
Unrestricted access to Caddy API interface High
Common tags: Configuration
Unrestricted access to Kong Gateway API High
Common tags: Configuration
Joomla J!Dump extension enabled Medium
Common tags: Configuration
Joomla Debug Console enabled Medium
Common tags: Configuration

Severity

High

Classification

CWE-44
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

Tags

Configuration