Web Cache Poisoning via Host Header

Description

This web application is using a caching system. By sending a request with a Host header that contains an invalid port it was possible to force the caching system to cache a response that contains a redirect to the invalid port. This cached response can be later served to victims resulting in denial of service.

Remediation

Caching keys should also include the Host header port to prevent this type of issues.

References

Related Vulnerabilities

Severity

High

Classification

CWE-44 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Configuration Denial Of Service