Description

The web application uses a caching system that is configured to cache responses with an error-related status code (400). An attacker can send a request with a malformed HTTP/2 header to an existing resource (page, script) of the web application, so that the application returns a response with such a status code and the cache system stores it. As a result, other users who try to access the resource will get the response with the error status from the caching system.

Remediation

It's recommended to avoid caching responses with error-related status codes. Consult web references for more information.
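The effect of this remediation, as an added example that is not part of the original advisory: a minimal in-memory cache in front of a constructed origin, comparing a policy that stores every response with one that stores only an allowlist of non-error status codes. The `origin`, `Cache` and policy names, the `/app.js` path and the allowlist itself are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumption: allowlist chosen for this example; only these statuses are ever stored.
CACHEABLE_STATUSES = frozenset({200, 203, 204, 206, 300, 301, 308})

@dataclass
class Response:
    status: int
    body: str
    headers: dict = field(default_factory=dict)

def origin(path, malformed_header=False):
    """Constructed origin: answers 400 when the request carries a malformed header."""
    if malformed_header:
        return Response(400, "Bad Request")
    return Response(200, f"content of {path}", {"Cache-Control": "max-age=60"})

class Cache:
    def __init__(self, store_policy):
        self.store_policy = store_policy
        self.entries = {}

    def fetch(self, path, malformed_header=False):
        # The cache key is the path only: the header that triggered the error
        # is not part of the key, so the stored entry is served to everyone.
        if path in self.entries:
            return self.entries[path]
        resp = origin(path, malformed_header)
        if self.store_policy(resp):
            self.entries[path] = resp
        return resp

def store_everything(resp):
    """Weak policy: error responses are cached like any other response."""
    return True

def store_success_only(resp):
    """Corrected policy: never store error statuses, and honour no-store/private."""
    if resp.status not in CACHEABLE_STATUSES:
        return False
    cc = resp.headers.get("Cache-Control", "").lower()
    return "no-store" not in cc and "private" not in cc

def victim_status(policy):
    """Status a later, well-formed request receives after one request drew a 400."""
    cache = Cache(policy)
    cache.fetch("/app.js", malformed_header=True)
    return cache.fetch("/app.js").status
```

With the weak policy the second user is served the stored 400; with the allowlist policy the 400 is passed through once and never stored, so the next request reaches the origin.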
