Web Cache Poisoning

high Web App Scanning Plugin ID 113338

Language:

Synopsis

Web Cache Poisoning

Description

A caching system has been detected on the application and is vulnerable to web cache poisoning. By manipulating specific unkeyed inputs (headers or cookies that are not included when generating the cache key) it was possible to force the caching system to cache a response that contains user-controlled input. If a response is cached in a shared web cache, such as those commonly found in proxy servers, then all users of that cache will continue to receive the malicious content until the cache entry is purged.

Solution

Disable caching for the affected input or pages. If both the affected input and caching behavior are required, configure the cache to ensure that the input is included in the cache key.

See Also

https://i.blackhat.com/us-18/Thu-August-9/us-18-Kettle-Practical-Web-Cache-Poisoning-Redefining-Unexploitable.pdf

https://owasp.org/www-community/attacks/Cache_Poisoning

Plugin Details

Severity: High

ID: 113338

Type: remote

Family: Web Applications

Published: 9/6/2022

Updated: 7/29/2024

Scan Template: api, full, pci, scan

Risk Information

VPR

Risk Factor: Low

Score: 2.7

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS Score Source: Tenable

CVSS v4

Risk Factor: High

Base Score: 7.2

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

CVSS Score Source: Tenable

Reference Information

CWE: 444

OWASP: 2021-A4

WASC: HTTP Request Smuggling

CAPEC: 105, 33

DISA STIG: APSC-DV-002560

HIPAA: 164.312(a)(1), 164.312(e)

ISO: 27001-A.13.1.3, 27001-A.13.2.1, 27001-A.14.1.2, 27001-A.14.1.3

NIST: sp800_53-AC-4

OWASP API: 2019-API7, 2023-API8

OWASP ASVS: 4.0.2-5.1.3

PCI-DSS: 3.2-2.2