What it is
Web cache poisoning targets caching layers—CDNs, reverse proxies, or application caches—by crafting requests that trick the cache into storing a tampered response. Subsequent visitors receive the cached payload, which can include malicious scripts, redirects, or sensitive data meant for another user.
Why it matters
Because caches sit in front of web infrastructure, a single poisoned entry can impact thousands of users without any ongoing attacker interaction. These attacks bypass application authentication, spread malware at scale, and often go unnoticed until customers report suspicious behavior.
How to reduce risk
- Strictly validate and sanitize user-controlled headers or parameters before they influence cache keys
- Avoid caching responses that contain user-generated content or personalized data
- Configure cache policies so only safe responses are stored and served
- Include cache testing in security assessments to identify poisonable endpoints