Description

This web application is using a caching system. By sending a request with the same GET parameter cloacked inside the value of an UTM_* parameter it was possible to force the caching system to cache a response that contains user-controlled input. This cached response can be later served to a victim resulting in various vulnerabilities.

Remediation

Separating parameters by ; is not recommended and may cause various security issues.

References

Web Cache Entanglement: Novel Pathways to Poisoning

Related Vulnerabilities

Jenkins open user registration

nginx SPDY heap buffer overflow

SAP Management Console get user list

GraphQL Non-JSON Queries over GET: Potential CSRF Vulnerability

Ruby framework weak secret key

Severity

High

Classification

CWE-44 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Configuration