• Computer Science
  • Published in ArXiv 2019

Cached and Confused: Web Cache Deception in the Wild

@article{Mirheidari2019CachedAC,
  title={Cached and Confused: Web Cache Deception in the Wild},
  author={Seyed Ali Mirheidari and Sajjad Arshad and Kaan Onarlioglu and Bruno Crispo and Engin Kirda and William Robertson},
  journal={ArXiv},
  year={2019},
  volume={abs/1912.10190}
}
Web cache deception (WCD) is an attack proposed in 2017, where an attacker tricks a caching proxy into erroneously storing private information transmitted over the Internet and subsequently gains unauthorized access to that cached data. Due to the widespread use of web caches and, in particular, the use of massive networks of caching proxies deployed by content distribution network (CDN) providers as a critical component of the Internet, WCD puts a substantial population of Internet users at… CONTINUE READING

References

Publications referenced by this paper.
SHOWING 1-10 OF 45 REFERENCES

HTTP Desync Attacks: Request Smuggling Reborn

  • James Kettle
  • PortSwigger Web Security Blog,
  • 2019
VIEW 1 EXCERPT

Abusing CDNs for Fun and Profit: Security Issues in CDNs' Origin Validation

VIEW 3 EXCERPTS

Breaking Parser Logic: Take Your Path Normalization off and Pop 0days Out

  • Orange Tsai
  • Black Hat USA,
  • 2018
VIEW 2 EXCERPTS

Practical Web Cache Poisoning

  • James Kettle
  • PortSwigger Web Security Blog,
  • 2018
VIEW 1 EXCERPT

Security Researchers Struggle with Bot Management Programs

  • Kaan Onarlioglu
  • Dark Reading,
  • 2018
VIEW 1 EXCERPT

Web Cache Deception Attack revisited

  • Ka-Hing Cheung
  • Cloudflare Blog,
  • 2018
VIEW 2 EXCERPTS

Your Remnant Tells Secret: Residual Resolution in DDoS Protection Services

VIEW 1 EXCERPT