Retrieved from Cache
ID |
retrieved_from_cache |
Severity |
info |
Kind |
Fingerprinting |
CWE |
525 |
Description
-
Retrieved from Cache: The content was retrieved from a shared cache. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as "proxy" caches are configured on the local network. This configuration is typically found in corporate or educational environments, for instance.
-
Retrieved from Cache: The content was retrieved from a shared cache. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as "proxy" caches are configured on the local network. This configuration is typically found in corporate or educational environments, for instance.
Rationale
Sensitive data retrieved from shared caches can expose user information to unauthorized parties. An attacker on the same network can access cached responses containing session tokens, personal data, or authentication credentials. This is particularly dangerous in corporate or educational environments with proxy caches, where one user’s cached session data could be served to another user, leading to session hijacking or data leakage.
Remediation
Validate that the response does not contain sensitive, personal or user-specific information. If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user: Cache-Control: no-cache, no-store, must-revalidate, private Pragma: no-cache Expires: 0 This configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.