Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Web Cache Poisoning DoS (for javascript) - Vulnerability Database

Web Cache Poisoning DoS (for javascript)

Description

The web application is using a caching system. The cache system is configured to cache responses with a error-related status code (400, 404, 501). An attacker can send a malformed request to an existing javascript file of the web application, so the application returns a response with such a status code and the cache system stores it. Therefore, if other users try to access the file, they will get the response with the error status from the caching system.

Remediation

It's recommended to avoid caching responses with error-related status codes. Consult web references for more information

References

CPDoS: Cache Poisoned Denial of Service
Responsible denial of service with web cache poisoning

Related Vulnerabilities

Apache Tomcat version older than 6.0.35 High
Common tags: Denial Of Service Configuration
XML external entity injection and XML injection High
Common tags: Denial Of Service Configuration
Web Cache Poisoning DoS Medium
Common tags: Denial Of Service Configuration
XML external entity injection (variant) High
Common tags: Denial Of Service Configuration
XML external entity injection via File Upload High
Common tags: Denial Of Service Configuration

Severity

Medium

Classification

CWE-400
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Tags

Denial Of Service
Configuration