Details | |
---|---|
Alert ID | 40039 |
Alert Type | Active |
Status | alpha |
Risk | Medium |
CWE | |
WASC | |
Technologies Targeted | All |
Tags | OWASP_2017_A06 OWASP_2021_A05 WSTG-V42-ATHN-06 |
More Info | Scan Rule Help |
Summary
Web cache deception may be possible. It may be possible for an unauthorised user to view sensitive data on this page.
Solution
It is strongly advised to refrain from classifying file types, such as images or stylesheets, solely by their URL and file extension. Instead, make sure that files are cached based on their Content-Type header.
Other Info
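The caching rule from the Solution, sketched next to the extension-only rule it replaces. This is an added example, not ZAP's scan rule code or any cache product's logic; the allowlists, the sample URLs and headers, and the extra Cache-Control check (which goes beyond the Content-Type advice above) are assumptions.

```python
from posixpath import splitext
from urllib.parse import urlsplit

# Assumed policy values for this example, not taken from any cache product.
STATIC_EXTENSIONS = {".css", ".js", ".png", ".jpg", ".gif", ".svg"}
STATIC_CONTENT_TYPES = {
    "text/css", "application/javascript", "text/javascript",
    "image/png", "image/jpeg", "image/gif", "image/svg+xml",
}
# Conservative choice for a shared cache: treat all three as "do not store".
UNCACHEABLE_DIRECTIVES = {"private", "no-store", "no-cache"}

def cacheable_by_extension(url: str) -> bool:
    """Weak rule: trusts the URL suffix, which the requester controls."""
    ext = splitext(urlsplit(url).path)[1].lower()
    return ext in STATIC_EXTENSIONS

def media_type(headers: dict) -> str:
    """Content-Type without parameters, lower-cased (header names lower-cased)."""
    return headers.get("content-type", "").split(";", 1)[0].strip().lower()

def cacheable_by_content_type(headers: dict) -> bool:
    """Hardened rule: decide from what the origin actually returned."""
    directives = {
        d.split("=", 1)[0].strip().lower()
        for d in headers.get("cache-control", "").split(",")
    }
    if directives & UNCACHEABLE_DIRECTIVES:
        return False
    return media_type(headers) in STATIC_CONTENT_TYPES

# Constructed samples: (URL, origin response headers).
SAMPLES = [
    ("https://app.example/static/site.css",
     {"content-type": "text/css", "cache-control": "public, max-age=3600"}),
    ("https://app.example/account/profile/x.css",   # dynamic page, static-looking URL
     {"content-type": "text/html; charset=utf-8"}),
    ("https://app.example/account/export.png",      # real image, but per-user
     {"content-type": "image/png", "cache-control": "private"}),
]

def compare():
    """Return (extension_rule, content_type_rule) decisions for each sample."""
    return [(cacheable_by_extension(u), cacheable_by_content_type(h))
            for u, h in SAMPLES]

if __name__ == "__main__":
    for (url, _), (weak, hardened) in zip(SAMPLES, compare()):
        print(f"{url}: extension rule={weak}, content-type rule={hardened}")
```

The second sample is the case this alert reports: the extension rule stores an HTML account page because its URL ends in `.css`, while the Content-Type rule does not.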
References
- https://blogs.akamai.com/2017/03/on-web-cache-deception-attacks.html
- https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/web-cache-deception/