Quote:A group of security researchers from German universities has devised a new class of web cache poisoning attacks that could render victim services unreachable.
The cache is meant to reduce the volume of network traffic through the reuse of HTTP responses and helps applications scale at large, in addition to providing protection against denial-of-service (DoS) attacks.
Researchers at Cologne University of Applied Sciences and University of Hamburg, Germany, discovered a new attack that involves poisoning the cache with a server-generated error page and then serving useless content instead of the legitimate one.
The attack, the researchers explain in a whitepaper (PDF), works against one proxy cache product and five content delivery network (CDN) services, including prominent solutions that cache high-value websites — Akamai, CDN77, Fastly, Cloudflare, CloudFront, and Varnish allow for error pages to be cached.
“The consequences are severe as one simple request is sufficient to paralyze a victim website within a large geographical region. The awareness of the newly introduced CPDoS attack is highly valuable for researchers for obtaining a comprehensive understanding of causes and countermeasures as well as practitioners for implementing robust and secure distributed systems,” the researchers say.
Read more here: https://www.securityweek.com/researchers...ack-method
![[-]](https://www.geeks.fyi/images/collapse.png)
