Description

One or more pages contain possible sensitive information (e.g. a password parameter) and could be potentially cached. Even in secure SSL channels sensitive data could be stored by intermediary proxies and SSL terminators. To prevent this, a Cache-Control header should be specified.

Remediation

Prevent caching by adding "Cache Control: No-store" and "Pragma: no-cache" to the HTTP response header.

References

OWASP - Caching of Sensitive Information

MDN Web Docs - Cache-Control

CWE-524: Use of Cache Containing Sensitive Information

Related Vulnerabilities

WordPress Plugin Correos Woocommerce Arbitrary File Download (1.3.0.0)

WordPress Plugin Social Network Tabs Information Disclosure (1.7.1)

Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-4194)

WordPress Plugin Advanced Contact form 7 DB Information Disclosure (1.1.0)

WordPress Plugin Redux Framework Multiple Vulnerabilities (4.2.11)

Severity

Low

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Configuration