Description

One or more pages contain possible sensitive information (e.g. a password parameter) and could be potentially cached. Even in secure SSL channels sensitive data could be stored by intermediary proxies and SSL terminators. To prevent this, a Cache-Control header should be specified.

Remediation

Prevent caching by adding "Cache Control: No-store" and "Pragma: no-cache" to the HTTP response header.

Related Vulnerabilities

Gitlab user disclosure

Simple Download Button Shortcode 'file' Parameter Information Disclosure (1.0)

MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-2922)

MiwoFTP-File & Folder Manager Arbitrary File Download (1.0.5)

WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.24)

Severity

Low

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Information Disclosure Configuration