A group of security researchers from German universities has devised a new class of web cache poisoning attacks that could render victim services unreachable.
The cache is meant to reduce the volume of network traffic through the reuse of HTTP responses and helps applications scale at large, in addition to providing protection against denial-of-service (DoS) attacks.
Researchers at Cologne University of Applied Sciences and University of Hamburg, Germany, discovered a new attack that involves poisoning the cache with a server-generated error page and then serving useless content instead of the legitimate one.
The attack, the researchers explain in a whitepaper (PDF), works against one proxy cache product and five content delivery network (CDN) services, including prominent solutions that cache high-value websites — Akamai, CDN77, Fastly, Cloudflare, CloudFront, and Varnish allow for error pages to be cached.
“The consequences are severe as one simple request is sufficient to paralyze a victim website within a large geographical region. The awareness of the newly introduced CPDoS attack is highly valuable for researchers for obtaining a comprehensive understanding of causes and countermeasures as well as practitioners for implementing robust and secure distributed systems,” the researchers say.
The attack exploits a general issue in layered systems, where there are differences in interpretation when operating on the same message in sequence. Specifically, the problem arises from the fact that the attacker-generated HTTP request for a cacheable resource contains inaccurate fields that, while ignored by the caching system, raise an error when processed by the origin server.
Thus, the intermediate cache receives an error page from the origin server, meaning that the cache is poison ..
Support the originator by clicking the read the rest link below.
