Web cache poisoning attacks target the intermediate storage points, such as POP servers, load balancers and proxies, which sit between web servers and client devices.
Instead of passing to the server a request whose response the CDN already knows (a static file, for example), the cache can return the response to the client immediately, which reduces both server load and response time.
Responses are cached to avoid wasting time processing requests that are frequently sent to servers and CDNs (content delivery networks, Cloudflare for example).
Web cache poisoning involves two phases:
- The attacker must obtain a response from the back-end server that inadvertently contains some kind of dangerous payload.
- After the successful request, the attacker must make sure that the response is cached and subsequently served to the intended victims.
Even though it is a known vulnerability, web cache poisoning continues to turn up around the web.
In wide-ranging research across numerous websites, including some of the most popular internet services, security researcher Iustin Ladunca (Youstin) recently discovered 70 cache poisoning vulnerabilities with diverse impacts.
A more detailed version, along with how you can avoid these vulnerabilities, is published at: https://beaglesecurity.com/blog/vulnerability/web-cache-poisoning.html