Web Cache Deception

  • Risk: Medium

  • Type: Active

Summary

Web cache deception may be possible. An unauthorised user may be able to view sensitive data on this page.

Solution

It is strongly advised not to classify file types, such as images or stylesheets, solely by their URL and file extension. Instead, make sure that files are cached based on their Content-Type header.
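The following added example (not part of the original alert text) contrasts a cache rule keyed on the URL's file extension with one keyed on the Content-Type the origin actually returned. The host name, paths, type lists and function names are constructed for illustration, and the extra Cache-Control check is an assumption beyond what the advice above states.

```python
from urllib.parse import urlsplit
import posixpath

STATIC_EXTENSIONS = {".css", ".js", ".png", ".jpg", ".gif", ".ico"}
STATIC_TYPES = {"text/css", "application/javascript", "text/javascript",
                "image/png", "image/jpeg", "image/gif", "image/x-icon"}


def cacheable_by_extension(url):
    """Weak rule: trust the URL path's file extension alone."""
    ext = posixpath.splitext(urlsplit(url).path)[1].lower()
    return ext in STATIC_EXTENSIONS


def cacheable_by_content_type(url, headers):
    """Hardened rule: decide from what the origin actually returned."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    media_type = hdrs.get("content-type", "").split(";")[0].strip().lower()
    if media_type not in STATIC_TYPES:
        return False
    directives = {d.strip().lower().split("=")[0]
                  for d in hdrs.get("cache-control", "").split(",")}
    # Never store responses the origin marked as per-user or uncacheable.
    return not directives & {"private", "no-store"}


# Constructed sample responses: (URL, origin response headers).
SAMPLES = [
    ("https://example.test/static/site.css",
     {"Content-Type": "text/css", "Cache-Control": "public, max-age=3600"}),
    # Dynamic account page served under a URL that merely ends in ".css".
    ("https://example.test/account/profile/x.css",
     {"Content-Type": "text/html; charset=utf-8", "Cache-Control": "private"}),
]


def compare(samples=SAMPLES):
    """Return (url, weak_decision, hardened_decision) for each sample."""
    return [(url, cacheable_by_extension(url), cacheable_by_content_type(url, h))
            for url, h in samples]


if __name__ == "__main__":
    for url, weak, hardened in compare():
        print(f"{url}\n  extension rule: {weak}  content-type rule: {hardened}")
```

The extension rule stores both responses, including the per-user HTML page; the Content-Type rule stores only the real stylesheet.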

References

https://blogs.akamai.com/2017/03/on-web-cache-deception-attacks.html

https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/web-cache-deception/
