Web Cache Poisoning Attacks
Web Cache Poisoning is an attack against the integrity of an intermediate Web cache repository, in which genuine content cached for an arbitrary URL is replaced with spoofed content. Users of the Web cache repository will thus consume the spoofed content instead of the genuine content when requesting this URL through the Web cache.
A Web cache (or more precisely, an HTTP cache) typically caches the content of URLs, keyed by the URLs. It can be implemented as an intermediate HTTP proxy server (e.g., forward proxy server, transparent proxy server, or reverse proxy server) or as part of the Web client (most modern browsers have a built-in Web cache component). Note that browser caches can also cache HTTPS URLs and content, since they can be implemented such that they access the HTTP requests before SSL encryption and the HTTP responses after SSL decryption.
The general concept of cache poisoning is well known, and has been applied to several protocols and caching...