Web Cache Deception

high Web App Scanning Plugin ID 113580

Language:

Synopsis

Web Cache Deception

Description

A caching system has been detected on the application and is vulnerable to web cache deception. By manipulating the URL it is possible to force the application to cache pages that are only accessible by an authenticated user. Once cached, these pages can be accessed by an unauthenticated user.

Solution

Perform caching by also checking the Content-Type of the file, not just the URL and extension

See Also

https://www.blackhat.com/docs/us-17/wednesday/us-17-Gil-Web-Cache-Deception-Attack.pdf

Plugin Details

Severity: High

ID: 113580

Type: remote

Family: Web Applications

Published: 2/22/2023

Updated: 2/21/2024

Scan Template: api, full, pci, scan

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: Tenable

CVSS v3

Risk Factor: High

Base Score: 8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS Score Source: Tenable

CVSS v4

Risk Factor: High

Base Score: 8.5

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVSS Score Source: Tenable

Reference Information

CWE: 444

OWASP: 2021-A4

WASC: HTTP Request Smuggling

CAPEC: 105, 33

DISA STIG: APSC-DV-002560

HIPAA: 164.312(a)(1), 164.312(e)

ISO: 27001-A.13.1.3, 27001-A.13.2.1, 27001-A.14.1.2, 27001-A.14.1.3

NIST: sp800_53-AC-4

OWASP API: 2019-API7, 2023-API8

OWASP ASVS: 4.0.2-5.1.3

PCI-DSS: 3.2-2.2