Web Cache Poisoning

Description
  • This web application is using a caching system. By manipulating specific unkeyed inputs (headers or cookies that are not included when generating the cache key) it was possible to force the caching system to cache a response that contains user-controlled input. This cached response can be later served to a victim resulting in various vulnerabilities.
Remediation
  • Use the HTTP response header Vary to key unkeyed inputs and protect against web cache poisoning. Where possible, avoiding accepting input from HTTP request headers and cookies.
References