Description

Edge Side Include injection (ESI Injection) is a vulnerability that allows an attacker to reflect ESI tags in the HTTP response.

The ESI language is based on a small set of XML tags and is used in many popular HTTP surrogate solutions to tackle performance issues by enabling heavy caching of web content. ESI tags instruct a reverse proxy (or a caching server) to fetch more information about a web page for which a template is already cached. If an attacker can successfully reflect ESI tags in the HTTP response, the surrogate will blindly parse and evaluate them, believing they are legitimate tags served from the upstream server.

Remediation

Apply context-dependent encoding and/or validation to user input rendered on a page. Mitigation techniques against XSS recommended for the language or framework you are using will often be enough to protect against ESI injections.
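The following added example (not part of the original advisory) contrasts verbatim reflection with context-dependent encoding and checks each response body for ESI markup before it would reach the surrogate. The function names, the sample input and the placeholder host are constructed for illustration, and the JSON case assumes the surrogate also processes JSON responses.

```python
import html
import json
import re

# Matches an opening or closing ESI element such as <esi:include ...> or </esi:vars>.
ESI_TAG = re.compile(r"</?esi:[a-z]+", re.IGNORECASE)


def render_unsafe(name):
    """Reflects input verbatim: an ESI tag in `name` reaches the surrogate intact."""
    return f"<p>Hello {name}</p>"


def render_html(name):
    """HTML body context: entity-encode so '<' becomes '&lt;' and no tag survives."""
    return f"<p>Hello {html.escape(name, quote=True)}</p>"


def render_json(name):
    """JSON context: json.dumps leaves '<' and '>' as-is, so emit them as \\uXXXX escapes."""
    body = json.dumps({"name": name})
    return body.replace("<", "\\u003c").replace(">", "\\u003e")


def contains_esi_tag(response_body):
    """True if the body holds markup an ESI-enabled surrogate would evaluate."""
    return ESI_TAG.search(response_body) is not None


# Constructed sample input: an ESI include pointing at a placeholder host.
SAMPLE = '<esi:include src="http://placeholder.invalid/fragment"/>'

if __name__ == "__main__":
    for fn in (render_unsafe, render_html, render_json):
        out = fn(SAMPLE)
        print(f"{fn.__name__:14} esi_tag={contains_esi_tag(out)}  {out}")
```

The JSON variant still decodes to the original string on the client, so the encoding changes only what the surrogate sees on the wire.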
