Web Cache Deception #

• Vulnerability that enables an attacker to trick a web cache into storing sensitive, dynamic content.
• Caused by discrepances of how the cache server and the origin server handle requests
• In a web cache deception attack, an attacker persuades a victim to visit a malicious URL, inducing the victims browser to make an ambiguous request for sensitive content.
• The cache misinterprets this as a request for a static resource and stores the response
• The attacker can then request the same URL to access the cached response, gaining unauthorized access to private information.