This web application is using a caching system. By manipulating specific unkeyed inputs (headers or cookies that are not included when generating the cache key), it was possible to force the caching system to cache a response that contains user-controlled input. This cached response can later be served to a victim, resulting in various vulnerabilities.


Use the HTTP response header Vary to add otherwise unkeyed inputs to the cache key and protect against web cache poisoning. Where possible, avoid accepting input from HTTP request headers and cookies.
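The effect of Vary on the cache key, as an added example that is not part of the original page: a toy in-memory cache in front of a constructed origin that reflects a request header into its response. The header name X-Forwarded-Host, the host names and all function and class names are assumptions chosen for illustration.

```python
# Toy in-memory model of a shared cache; not a real proxy.
# Header name, host names and all identifiers are assumptions for illustration.

def origin(path, headers, send_vary):
    """Constructed origin that reflects X-Forwarded-Host into the response body."""
    host = headers.get("x-forwarded-host", "www.example.test")
    resp_headers = {"content-type": "text/html"}
    if send_vary:
        # The fix from the text: name the header in Vary so caches key on it.
        resp_headers["vary"] = "X-Forwarded-Host"
    body = f'<script src="https://{host}/app.js"></script>'
    return resp_headers, body


class Cache:
    def __init__(self, send_vary):
        self.send_vary = send_vary
        self.vary_by_path = {}  # path -> header names learned from Vary
        self.store = {}         # cache key -> (response headers, body)

    def _key(self, path, headers):
        # Base key is the path; headers listed in Vary become part of the key.
        names = self.vary_by_path.get(path, ())
        return (path,) + tuple((n, headers.get(n, "")) for n in names)

    def get(self, path, headers):
        headers = {k.lower(): v for k, v in headers.items()}
        key = self._key(path, headers)
        if key in self.store:
            return self.store[key][1], "HIT"
        resp_headers, body = origin(path, headers, self.send_vary)
        vary = resp_headers.get("vary", "")
        self.vary_by_path[path] = tuple(sorted(
            n.strip().lower() for n in vary.split(",") if n.strip()))
        # Store under the key recomputed with the Vary names just learned.
        self.store[self._key(path, headers)] = (resp_headers, body)
        return body, "MISS"


def victim_view(send_vary):
    """Request 1 carries a constructed header value; request 2 is a normal visitor."""
    cache = Cache(send_vary)
    cache.get("/", {"X-Forwarded-Host": "injected.example.test"})
    return cache.get("/", {})
```

Without Vary the second visitor gets a cache HIT containing the first request's header value; with Vary the two requests map to different keys. The model assumes the cache honors Vary, which should be verified against the caching layer actually deployed.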

