Web Cache Poisoning Attack – Explained
May 16, 2022
Web caching speeds up browsing by keeping a local copy of a file, so that future browser requests for it do not have to go to the remote server. In a vulnerable application, threat actors inject specially crafted data into the cache, causing the web server to return a malicious HTTP response to users. This form of attack is commonly known as web cache poisoning.
This article discusses the web cache poisoning attack, its impacts, and various prevention strategies, and answers commonly asked questions.
What is Web Cache?
Most web pages are accessed several times in a given period. When a client requests a web page, the web server temporarily stores a copy of the page in its memory. Every subsequent request for the same resource is served from the copy saved in memory, preventing the remote server from getting overloaded. A web cache is the copy of the server’s response that enables quicker delivery of web objects to the client. Storing data physically closer to the user also minimizes network traffic and enhances a website’s performance.
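The stored-copy behaviour described here is also what makes the poisoning from the introduction possible: whatever response is stored first is what later visitors receive. The following is an added example, not code from the original article. The toy origin, the `Cache` class, the hostnames and the choice of `X-Forwarded-Host` as the crafted input are all assumptions made for illustration.

```python
# Added example: a toy shared cache in front of a toy origin.
# All names, hostnames and the header choice are hypothetical.

def origin(path, headers):
    """Constructed origin: builds a script URL from a request header."""
    host = headers.get("X-Forwarded-Host", "www.example.test")
    return f'<script src="https://{host}/app.js"></script>'


class Cache:
    """Stores one copy of each response and serves it to later requests."""

    def __init__(self, keyed_headers=()):
        self.keyed_headers = keyed_headers  # headers included in the cache key
        self.store = {}

    def key(self, path, headers):
        # Two requests with the same key are treated as the same resource.
        return (path,) + tuple(headers.get(h, "") for h in self.keyed_headers)

    def get(self, path, headers):
        k = self.key(path, headers)
        if k not in self.store:       # miss: ask the origin and keep a copy
            self.store[k] = origin(path, headers)
        return self.store[k]          # hit: the stored copy is served as-is


def victim_response(cache):
    """A request carrying crafted data arrives first, then an ordinary visitor."""
    cache.get("/", {"X-Forwarded-Host": "attacker.example.test"})
    return cache.get("/", {})


def is_poisoned(cache):
    """True if the ordinary visitor received the crafted hostname."""
    return "attacker.example.test" in victim_response(cache)


if __name__ == "__main__":
    # Weak: the header changes the response but is not part of the key.
    print("key = path only:     poisoned =", is_poisoned(Cache()))
    # Hardened: every input that changes the response is part of the key.
    print("key = path + header: poisoned =",
          is_poisoned(Cache(("X-Forwarded-Host",))))
```

The same check can be turned into a regression test for a real cache configuration: send a request with a marker value in a header, then confirm a clean request does not return that marker.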
How Does Web Caching Work?
The first time a user visits a web page, the request is served from the remote server. The web server receives the client request, retrieves