Information Security Asked by Citylight on December 26, 2020
Is Web Cache Deception vulnerability exploitable if there is no cache server involved?
If we are not using a cache server or a CDN to serve the application, would the application still be vulnerable – say, if the client’s network using the application has a caching server to serve its users?
Background: Our webapp scanner (Netsparker) has detected the Web Cache Deception vulnerability for an internal application and has marked the severity as Critical. Since there are no web cache servers between that webserver and its users, the inclination is to adjust the severity to medium or low.
Looks like it might be a false positive? Can you reproduce the issue manually?
Web Cache Poisoning can happen without a cache server or CDN since some applications have an internal cache mechanism.
Drupal is often used with third party caches like Varnish, but it also contains an internal cache which is enabled by default.
Source: Practical Web Cache Poisoning
Answered by null on December 26, 2020
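One way to triage such a scanner finding by hand, as an added example that is not part of the original question or answer: compare the response to the dynamic page with the response to the same page requested with a static-looking suffix, then check whether a shared cache would be allowed to store it and whether any cache shows up in the headers. The function names, verdict labels and sample responses are hypothetical and constructed for illustration, and comparing bodies for exact equality is a simplifying assumption.

```python
# Added example: triage helper for a Web Cache Deception scanner finding.
# Every response below is constructed sample data, not captured traffic.

STORE_BLOCKERS = {"no-store", "private"}  # directives that stop a shared cache storing
CACHE_EVIDENCE = ("age", "x-cache", "via", "cf-cache-status", "x-varnish")

def cache_directives(headers):
    """Return the set of lower-cased Cache-Control directive names."""
    value = headers.get("cache-control", "")
    return {d.split("=")[0].strip().lower() for d in value.split(",") if d.strip()}

def triage(baseline, probe):
    """baseline: response to the dynamic page (e.g. /account).
    probe: response to the same page with a static-looking suffix (e.g. /account/x.css).
    Both are dicts: {"status": int, "headers": {lowercase-name: value}, "body": str}."""
    # Precondition 1: the application ignores the suffix and serves the dynamic page.
    same_content = probe["status"] == 200 and probe["body"] == baseline["body"]
    # Precondition 2: nothing in the response forbids storage by a shared cache.
    storable = not (cache_directives(probe["headers"]) & STORE_BLOCKERS)
    # Headers suggesting a cache or proxy already sits in the request path.
    cache_seen = sorted(h for h in CACHE_EVIDENCE if h in probe["headers"])
    if not same_content:
        verdict = "not reproduced"
    elif not storable:
        verdict = "path confusion only"
    elif cache_seen:
        verdict = "cacheable, cache observed"
    else:
        verdict = "cacheable, no cache observed"
    return {"verdict": verdict, "cache_seen": cache_seen}

# Constructed sample responses.
BODY = "<h1>Account: alice</h1>"
BASELINE = {"status": 200, "headers": {"cache-control": "no-store"}, "body": BODY}
PROBE_NO_HEADERS = {"status": 200, "headers": {"content-type": "text/html"}, "body": BODY}
PROBE_VIA_CACHE = {"status": 200, "body": BODY,
                   "headers": {"cache-control": "public, max-age=600",
                               "age": "12", "x-cache": "HIT"}}
PROBE_PRIVATE = {"status": 200, "body": BODY,
                 "headers": {"cache-control": "private, no-store"}}
PROBE_404 = {"status": 404, "headers": {}, "body": "Not Found"}

if __name__ == "__main__":
    for name, probe in [("no headers", PROBE_NO_HEADERS), ("via cache", PROBE_VIA_CACHE),
                        ("private", PROBE_PRIVATE), ("404", PROBE_404)]:
        print(name, triage(BASELINE, probe))
```

A "cacheable, no cache observed" result matches the situation in the question: the response would be storable by any shared cache that is later placed in the path, including one on the client's network or inside the application.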