Description

This web application is using a caching system. By manipulating specific unkeyed inputs (headers or cookies that are not included when generating the cache key) it was possible to force the caching system to cache a response that contains user-controlled input. This cached response can be later served to a victim resulting in various vulnerabilities.

Remediation

Use the HTTP response header Vary to key unkeyed inputs and protect against web cache poisoning. Where possible, avoiding accepting input from HTTP request headers and cookies.

References

Related Vulnerabilities