Web Cache Deception - exploitable without a cache server?

Information Security Asked by Citylight on December 26, 2020

Is Web Cache Deception vulnerability exploitable if there is no cache server involved?

If we are not using a cache servers or a CDN to serve the application, then would the application still be vulnerable – say if the client’s network using the application has a caching server to serve its users?

Background: Our webapp scanner (Netsparker) has detected the Web Cache Deception vulnerability for an internal application and has marked the severity as Critical. Since there are no web cache servers between that webserver and its users, the inclination is to adjust the severity as medium or low.

One Answer

Looks like it might be a false positive ? Can you reproduce the issue manually ?

Web Cache Poisoning can happen without a cache server or CDN since some application have an internal cache mechanism.

Drupal is often used with third party caches like Varnish, but it also contains an internal cache which is enabled by default.

Source: Practical Web Cache Poisoning

Answered by null on December 26, 2020

Add your own answers!

Related Questions

with Apple user verification

0  Asked on November 8, 2021


Whom should I report spam emails to?

1  Asked on November 6, 2021


How to secure my PHP url endpoints

1  Asked on November 6, 2021


Is there any alternative to nmap for UDP?

3  Asked on November 6, 2021


Arp poisoning doesn’t work with HTTPS navigation

1  Asked on October 28, 2021 by user13105993


PHP Blind XXE Exploitation: Invalid URI in Entity

1  Asked on October 28, 2021 by user3207874


Ask a Question

Get help from others!

© 2023 All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP