
Web Cache Deception

  • Risk: Medium
  • Type: Active

Summary
Web cache deception may be possible. It may be possible for an unauthorised user to view sensitive data on this page.
Solution
It is strongly advised not to classify file types, such as images or stylesheets, solely by their URL and file extension. Instead, make sure that files are cached based on their Content-Type header.
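The difference between the two caching rules, as an added example that is not part of the original alert text or the scanner's own code: a cache decision keyed on the URL extension beside one keyed on the response's Content-Type. The function names, header dictionaries (lower-case keys assumed), the extra Cache-Control and Set-Cookie checks, and the sample URLs are constructed for illustration.

```python
import posixpath
from urllib.parse import urlsplit

STATIC_EXTENSIONS = {".css", ".js", ".png", ".jpg", ".gif", ".ico"}
STATIC_CONTENT_TYPES = {
    "text/css", "text/javascript", "application/javascript",
    "image/png", "image/jpeg", "image/gif", "image/x-icon",
}

def media_type(headers):
    """Return the bare media type, e.g. 'text/html; charset=utf-8' -> 'text/html'."""
    return headers.get("content-type", "").split(";", 1)[0].strip().lower()

def cache_by_extension(url, headers):
    """Weak rule: treat the response as static because the URL ends in .css, .js, ..."""
    ext = posixpath.splitext(urlsplit(url).path)[1].lower()
    return ext in STATIC_EXTENSIONS

def cache_by_content_type(url, headers):
    """Hardened rule: decide from what the origin actually returned, not the URL."""
    directives = {d.strip().lower().split("=")[0]
                  for d in headers.get("cache-control", "").split(",")}
    if directives & {"private", "no-store"}:
        return False                      # origin marked the response as not shareable
    if "set-cookie" in headers:
        return False                      # per-user response, never store in a shared cache
    return media_type(headers) in STATIC_CONTENT_TYPES

def find_mismatches(samples):
    """URLs the weak rule would cache although the hardened rule refuses them."""
    return [url for url, headers in samples
            if cache_by_extension(url, headers) and not cache_by_content_type(url, headers)]

# Constructed sample responses (not captured traffic).
SAMPLES = [
    ("https://app.example/static/site.css",
     {"content-type": "text/css", "cache-control": "public, max-age=3600"}),
    ("https://app.example/account/settings/x.css",      # dynamic page behind a static-looking URL
     {"content-type": "text/html; charset=utf-8", "cache-control": "private"}),
    ("https://app.example/theme/user.css",
     {"content-type": "text/css", "set-cookie": "sid=constructed"}),
]

if __name__ == "__main__":
    for url in find_mismatches(SAMPLES):
        print("extension rule would cache a non-static response:", url)
```

Running the same comparison over recorded origin responses shows which paths an extension-based cache rule would store even though the origin returned per-user content.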
References

https://blogs.akamai.com/2017/03/on-web-cache-deception-attacks.html

https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/web-cache-deception/
