Description

This web application is using a caching system. By sending a request with the two GET parameters separated by semicolon (;) it was possible to force the caching system to cache a response that contains user-controlled input. This cached response can be later served to a victim resulting in various vulnerabilities.When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server.

Remediation

Separating parameters by ; is not recommended and may cause various security issues.

References

Related Vulnerabilities