Description

This web application is using a caching system. It was possible to identify a common HTTP header that is reflected in the response and will be cached.

Because the value of the HTTP header is reflected in the response, it's possible to forge a malicious cached response that will be later served to victims.

Remediation

The caching key should also include the HTTP header to prevent this type of issues.

References

Practical Web Cache Poisoning

Related Vulnerabilities

Apache Airflow Experimental API Auth Bypass CVE-2020-13927

WebDAV remote code execution

Wildcard Detected in Domain Portion of Content Security Policy (CSP) Directive

Apache stronghold-status enabled

Content Security Policy (CSP) report-uri Uses HTTP

Severity

Medium

Classification

CWE-16 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration