The web application is using a caching system. The cache system is configured to cache responses with a error-related status code (400). An attacker can send a request with a malformed HTTP/2 header to an existing resource(page, script) of the web application, so the application returns a response with such a status code and the cache system stores it. Therefore, if other users try to access the resource, they will get the response with the error status from the caching system.


It's recommended to avoid caching responses with error-related status codes. Consult web references for more information


Related Vulnerabilities