Vulnerabilities
Cache Poisoning
Also known as: Web cache poisoning, Response poisoning
Definition
An attack that stores a malicious response in a shared cache so that other users later receive the attacker's content.
Examples
- Poisoning a CDN by sending an X-Forwarded-Host header that the app reflects into a script tag.
- Caching a 302 redirect with attacker-controlled Location for all visitors.
Related terms
HTTP Request Smuggling
An attack that exploits disagreements between a front-end proxy and a back-end server on how an HTTP request ends, so an attacker can sneak a hidden second request through.
HTTP Desync Attack
A modern form of HTTP request smuggling that desynchronises a chain of proxies and servers to inject malicious traffic into other users' connections.
Web Cache Deception
An attack where a malicious URL tricks an intermediary cache into storing a victim's authenticated, sensitive response under a publicly cacheable path.
DNS Cache Poisoning
An attack that inserts forged records into a DNS resolver's cache so subsequent queries return attacker-chosen addresses until the TTL expires.
Host Header Injection
A vulnerability where an application trusts the HTTP Host (or X-Forwarded-Host) header to build URLs, allowing attackers to redirect users or poison caches.
Cross-Site Scripting (XSS)
A web vulnerability that allows attackers to inject malicious scripts into pages viewed by other users, executing in the victim's browser under the site's origin.