{"id":17907,"date":"2021-11-23T11:56:36","date_gmt":"2021-11-23T06:26:36","guid":{"rendered":"https:\/\/www.varutra.com\/?p=17907"},"modified":"2022-12-02T11:29:31","modified_gmt":"2022-12-02T05:59:31","slug":"web-cache-poisoning-dos-attack","status":"publish","type":"post","link":"https:\/\/www.varutra.com\/varutravrt3\/web-cache-poisoning-dos-attack\/","title":{"rendered":"Web Cache Poisoning DoS Attack"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" width=\"1920\" height=\"1080\" src=\"https:\/\/varutra-1a3b6.kxcdn.com\/wp-content\/uploads\/2021\/11\/Blogs-Banner-Q4-21-1024x535.png\"  class=\"sh-overlay-item sh-table-cell ls-is-cached lazyloaded\" data-rel=\"lightcase\" title=\"Web Cache Poisoning DoS Attack - Varutra Consulting\"><br \/>\nThe Web Cache Poisoning DoS attack, also known as <strong>CPDoS<\/strong>, is a type of DoS attack that primarily relies on the web server&#8217;s cache mechanism.<\/p>\n<p>&nbsp;<\/p>\n<h3><strong>Overview<\/strong><\/h3>\n<p>A modern web application\u2019s HTTP servers consist of front-end and back-end servers.<\/p>\n<ul>\n<li><strong>Front-end Servers: <\/strong>A &#8220;front-end&#8221; server handles user queries directly. Caching and load balancing are common functions of these servers. They also serve as web application firewalls (WAFs).<\/li>\n<li><strong>Back-end Servers: <\/strong>A &#8220;back-end&#8221; server receives requests from the front-end server. 
The server-side code runs here.<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-17912 aligncenter\" src=\"https:\/\/www.varutra.com\/wp-content\/uploads\/2021\/11\/Front-end-and-Back-end-servers-concept.png\" alt=\"Front-end and Back-end server\u2019s concept\" width=\"606\" height=\"249\" srcset=\"https:\/\/www.varutra.com\/varutravrt3\/wp-content\/uploads\/2021\/11\/Front-end-and-Back-end-servers-concept.png 606w, https:\/\/www.varutra.com\/varutravrt3\/wp-content\/uploads\/2021\/11\/Front-end-and-Back-end-servers-concept-300x123.png 300w\" sizes=\"(max-width: 606px) 100vw, 606px\" \/><\/p>\n<p style=\"text-align: center\"><strong>Fig 1: Front-end and Back-end server\u2019s concept<\/strong><\/p>\n<p>Here the front-end servers play an important role in the cache mechanism.<\/p>\n<p>&nbsp;<\/p>\n<h3><strong>Cache<\/strong><\/h3>\n<p>The basic function of a cache is to store data for future requests, minimizing response time so that the information can be served quickly. The data stored in a cache is the result of a previous computation or a copy of data stored in a different location.<\/p>\n<p>Caching is a technique for enhancing the performance of any application. 
In technical terms, it is the process of storing and retrieving information from the cache.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-17913 aligncenter\" src=\"https:\/\/www.varutra.com\/wp-content\/uploads\/2021\/11\/Cache-definition.png\" alt=\"Cache definition\" width=\"606\" height=\"305\" srcset=\"https:\/\/www.varutra.com\/varutravrt3\/wp-content\/uploads\/2021\/11\/Cache-definition.png 606w, https:\/\/www.varutra.com\/varutravrt3\/wp-content\/uploads\/2021\/11\/Cache-definition-300x151.png 300w\" sizes=\"(max-width: 606px) 100vw, 606px\" \/><\/p>\n<p style=\"text-align: center\"><strong>Fig 2: Cache definition<\/strong><\/p>\n<p>The figure above shows the following:<\/p>\n<ul>\n<li><strong>First Request:<\/strong>\u00a0The client sends a request to the server. The request first reaches the cache server (front-end) and is then forwarded to the origin server (back-end). The origin server sends the response to the caching server, where it is cached and then sent on to the client (user).<\/li>\n<li><strong>Subsequent Requests:<\/strong>\u00a0Whenever the user sends the same request again, the caching server responds instead of the origin server. This is possible because the response has already been cached by the caching server.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h3><strong>Cache Poisoning\u00a0<\/strong><\/h3>\n<p>Cache poisoning aims to send a request that results in a damaging response. 
This response will be saved in the cache by default and later will be sent back to the other users.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-17914 size-full\" src=\"https:\/\/www.varutra.com\/wp-content\/uploads\/2021\/11\/Cache-poisoning.png\" alt=\"Web Cache poisoning\" width=\"588\" height=\"155\" srcset=\"https:\/\/www.varutra.com\/varutravrt3\/wp-content\/uploads\/2021\/11\/Cache-poisoning.png 588w, https:\/\/www.varutra.com\/varutravrt3\/wp-content\/uploads\/2021\/11\/Cache-poisoning-300x79.png 300w\" sizes=\"(max-width: 588px) 100vw, 588px\" \/><\/p>\n<p style=\"text-align: center\"><strong>Fig 3: Cache poisoning<\/strong><\/p>\n<p>An attacker sends a malicious request to the server, and the malicious response is then cached in the cache server. Whenever a user sends the same request, the poisoned response from the cache will be sent to the user.<\/p>\n<p>&nbsp;<\/p>\n<h3><strong>DoS Attack<\/strong><\/h3>\n<p>The main aim of a Denial of Service (DoS) attack is to make a resource (a website, an application, or a server) inaccessible so that users cannot carry out the functions for which it was created.<\/p>\n<p>&nbsp;<\/p>\n<h3><strong>Cache Poisoning DoS (CPDoS) Attack<\/strong><\/h3>\n<p>There is a new type of\u00a0<a href=\"https:\/\/www.varutra.com\/web-cache-poisoning-through-host-header-injection\/\">web cache poisoning attack<\/a>\u00a0which is known as the Cache-Poisoned Denial-of-Service or CPDoS attack. It results in web resources and websites being taken down. For instance, CPDoS attacks are conceivable if an intermediate cache proxy server (front end) between the client (the user) and the web server (the back end) is configured to cache replies with error-related status codes (e.g. 
400 Bad Request).<\/p>\n<p>An attacker can manipulate <a href=\"https:\/\/www.varutra.com\/http-request-smuggling\/\">HTTP requests<\/a> to force a web server to respond with an error status code for a resource (path) that already exists. The proxy server then caches the error response, and other users who request the same resource will receive the cache proxy&#8217;s error response rather than a correct response.<\/p>\n<p>&nbsp;<\/p>\n<h3><strong>The Attack Flow<\/strong><\/h3>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-17915 aligncenter\" src=\"https:\/\/www.varutra.com\/wp-content\/uploads\/2021\/11\/CPDoS-Attack-Flow.png\" alt=\"CPDoS Attack Flow\" width=\"566\" height=\"333\" srcset=\"https:\/\/www.varutra.com\/varutravrt3\/wp-content\/uploads\/2021\/11\/CPDoS-Attack-Flow.png 566w, https:\/\/www.varutra.com\/varutravrt3\/wp-content\/uploads\/2021\/11\/CPDoS-Attack-Flow-300x177.png 300w\" sizes=\"(max-width: 566px) 100vw, 566px\" \/><\/p>\n<p style=\"text-align: center\"><strong>Fig 4: CPDoS Attack Flow<\/strong><\/p>\n<ul>\n<li>The attacker sends a normal HTTP request with a malicious header value to the web server (back-end server).<\/li>\n<li>The cache server (front end), which sits between the client and the server, processes the request and forwards it to the origin server (back end).<\/li>\n<li>Since the request is malicious, the origin server recognizes it and responds with an error response.<\/li>\n<li>The error response is stored\/cached by the cache server and is also sent to the attacker.<\/li>\n<li>The attacker now knows that the attack was successful. 
Any legitimate user then tries to obtain the target resource with subsequent requests.<\/li>\n<li>The legitimate user will receive the cached error response from the cache server.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h3><strong>Variations of CPDoS Attack\u00a0<\/strong><\/h3>\n<ul>\n<li><strong>HTTP Header Oversize (HHO):\u00a0<\/strong>Most web servers provide a 
request header size limit (Apache\u2019s default limit is 8,196 bytes). However, some systems permit limits larger than 8,192 bytes, and CDNs even allow up to 20,480 bytes.<\/li>\n<\/ul>\n<p>An HHO CPDoS attack can be exploited in a web application when the following scenario occurs: a cache server accepts a larger header size limit than its origin server. To exploit it, an attacker sends a malicious request with a request header that is larger than the origin server&#8217;s size limit but smaller than the cache server&#8217;s. This request is blocked by the web server because the request header has exceeded the header size limit. As a result, it returns an error page with error code 400 Bad Request, which is now stored by the cache. All future requests for the resource will now receive an error instead of the original content.<\/p>\n<p>A sample header oversize request looks like,<\/p>\n<pre><em><strong>GET \/test.html HTTP\/1.1<\/strong><\/em>\r\n\r\n<em><strong>Host:\u00a0<\/strong><\/em><a href=\"http:\/\/www.example.com\"><em><strong>www.example.com<\/strong><\/em><\/a>\r\n\r\n<em><strong>X-Oversized-Header: large value<\/strong><\/em>\r\n\r\n<em><strong>\u2026<\/strong><\/em><\/pre>\n<ul>\n<li><strong>HTTP Meta Character (HMC):\u00a0<\/strong>It is similar to the above attack, but instead of sending a malicious header with a larger value, an attacker sends a request header with harmful meta characters such as\u00a0<strong>\\n, \\r.<\/strong><\/li>\n<\/ul>\n<p>A sample meta character request looks like,<\/p>\n<pre><em><strong>GET \/test.html HTTP\/1.1<\/strong><\/em>\r\n\r\n<em><strong>Host:\u00a0<\/strong><\/em><a href=\"http:\/\/www.example.com\"><em><strong>www.example.com<\/strong><\/em><\/a>\r\n\r\n<em><strong>X-Metachar-Header: \\n<\/strong><\/em>\r\n\r\n<em><strong>\u2026<\/strong><\/em><\/pre>\n<p>A cache server that does not know about the meta characters can forward the above request to the server without blocking the harmful characters. 
The origin server will detect the request as malicious and return an error response, which is stored and later reused by the cache.<\/p>\n<ul>\n<li><strong>HTTP Method Override (HMO):\u00a0<\/strong>\u00a0There are several HTTP methods such as \u2018GET\u2019, \u2018POST\u2019, \u2018DELETE\u2019, \u2018PUT\u2019, etc., of which the cache server only responds to \u2018GET\u2019 and \u2018POST\u2019. In this method, an attacker sends a request with a header such as \u2018X-HTTP-Method-Override\u2019 with a value that is not supported by the server. The server then returns an error message, which is stored and reused by the cache server.<\/li>\n<\/ul>\n<p>A sample method override request looks like,<\/p>\n<pre><em><strong>GET \/test.html HTTP\/1.1<\/strong><\/em>\r\n\r\n<em><strong>Host:\u00a0<\/strong><\/em><a href=\"http:\/\/www.example.com\"><em><strong>www.example.com<\/strong><\/em><\/a>\r\n\r\n<em><strong>X-HTTP-Method-Override: DELETE<\/strong><\/em>\r\n\r\n<em><strong>\u2026<\/strong><\/em><\/pre>\n<p>&nbsp;<\/p>\n<h3><strong>Recommendations To Mitigate Web Cache Poisoning DoS (<\/strong><strong>CPDoS) <\/strong><strong>Attack\u00a0<\/strong><\/h3>\n<p>The following mitigations help against CPDoS attacks:<\/p>\n<ul>\n<li>Generally, website owners try to configure their CDN service so that HTTP error pages are not cached by default.<\/li>\n<li>Add &#8220;Cache-Control: no-store&#8221; in the HTTP header for all error pages. 
This way, you can disable caching of error pages from the server&#8217;s configuration files.<\/li>\n<li>CDNs cannot cache error 404 Bad requests, which are generated by CPDoS attacks, but errors like 404 (Not found), 405 (Method not permitted), 410 (Lost or Gone), and 501 (Cannot be implemented) can be received according to the CDN\u2019s web caching standard.<\/li>\n<li>The basic step to prevent CPDoS attacks is to cache error pages according to the policies of the HTTP standard.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h3><strong>Conclusion<\/strong><\/h3>\n<p>Web Cache Poisoning is one of the devious ways to damage web infrastructure, so it is crucial to protect yourself from these attacks. Another web cache vulnerability that you can come across is\u00a0<a href=\"https:\/\/www.varutra.com\/web-cache-deception\/\">web cache deception<\/a>. You can also read about such cyber issues in our\u00a0<a href=\"https:\/\/www.varutra.com\/blogs\/\">blog<\/a>\u00a0section. For more information, you can visit our\u00a0<a href=\"https:\/\/www.varutra.com\/\">website<\/a>\u00a0and connect with our cybersecurity professionals for expert advice.<\/p>\n<p>&nbsp;<\/p>\n<p>Author<\/p>\n<p><strong>D.Vamshi Krishna<\/strong><\/p>\n<p>Attack and Pentest Team<\/p>\n<p>Varutra Consulting Pvt. Ltd.<\/p>","protected":false},"excerpt":{"rendered":"<p>The Web Cache Poisoning DoS Attack, also known as CPDoS. 
It is a type of DoS attack that primarily relies on the webserver&#8217;s cache mechanism&#8230;.<\/p>\n","protected":false},"author":4,"featured_media":17924,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"inline_featured_image":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[276,272],"tags":[562,558,560,559,341,309,561],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO Pro 4.6.3 - aioseo.com -->\n\t\t<meta name=\"description\" content=\"The CPDoS or Cache-Poisoned DoS attack is a web cache poisoning attack. This attack results in the user receiving an error rather than original content.\" \/>\n\t\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t\t<link rel=\"canonical\" href=\"https:\/\/www.varutra.com\/varutravrt3\/web-cache-poisoning-dos-attack\/\" \/>\n\t\t<meta name=\"generator\" content=\"All in One SEO Pro (AIOSEO) 4.6.3\" \/>\n\t\t<meta property=\"og:locale\" content=\"en_US\" \/>\n\t\t<meta property=\"og:site_name\" content=\"Varutra Consulting\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"Web Cache Poisoning DoS (CPDoS) Attack and it&#039;s Mitigation\" \/>\n\t\t<meta property=\"og:description\" content=\"The CPDoS or Cache-Poisoned DoS attack is a web cache poisoning attack. 
This attack results in the user receiving an error rather than original content.\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/www.varutra.com\/varutravrt3\/web-cache-poisoning-dos-attack\/\" \/>\n\t\t<meta property=\"article:tag\" content=\"cache\" \/>\n\t\t<meta property=\"article:tag\" content=\"cache poisoning\" \/>\n\t\t<meta property=\"article:tag\" content=\"cpdos\" \/>\n\t\t<meta property=\"article:tag\" content=\"dos attack\" \/>\n\t\t<meta property=\"article:tag\" content=\"web application security\" \/>\n\t\t<meta property=\"article:tag\" content=\"web cache\" \/>\n\t\t<meta property=\"article:tag\" content=\"web cache vulnerability\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2021-11-23T06:26:36+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2022-12-02T05:59:31+00:00\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n\t\t<meta name=\"twitter:title\" content=\"Web Cache Poisoning DoS (CPDoS) Attack and it&#039;s Mitigation\" \/>\n\t\t<meta name=\"twitter:description\" content=\"The CPDoS or Cache-Poisoned DoS attack is a web cache poisoning attack. This attack results in the user receiving an error rather than original content.\" \/>\n\t\t<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t\t<meta name=\"twitter:data1\" content=\"kalpblogger\" \/>\n\t\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/web-cache-poisoning-dos-attack\\\/#article\",\"name\":\"Web Cache Poisoning DoS (CPDoS) Attack and it's Mitigation\",\"headline\":\"Web Cache Poisoning DoS Attack\",\"author\":{\"@id\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/author\\\/kalpblogger\\\/#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/#organization\"},\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/wp-content\\\/uploads\\\/2021\\\/11\\\/Blogs-Banner-Q4-21.png\",\"width\":1200,\"height\":627,\"caption\":\"Web Cache Poisoning DoS Attack\"},\"datePublished\":\"2021-11-23T11:56:36+05:30\",\"dateModified\":\"2022-12-02T11:29:31+05:30\",\"inLanguage\":\"en-US\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/web-cache-poisoning-dos-attack\\\/#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/web-cache-poisoning-dos-attack\\\/#webpage\"},\"articleSection\":\"Cyber Attack, Web Application Security, Cache, Cache Poisoning, CPDoS, DoS Attack, web application security, web cache, web cache 
vulnerability\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/web-cache-poisoning-dos-attack\\\/#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/\",\"nextItem\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/web-cache-poisoning-dos-attack\\\/#listItem\"},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/web-cache-poisoning-dos-attack\\\/#listItem\",\"position\":2,\"name\":\"Web Cache Poisoning DoS Attack\",\"previousItem\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/#listItem\"}]},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/#organization\",\"name\":\"Varutra\",\"url\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/www.varutra.com\\\/wp-content\\\/uploads\\\/2021\\\/11\\\/Varutra-Found-e1612984024606.jpg\",\"@id\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/web-cache-poisoning-dos-attack\\\/#organizationLogo\"},\"image\":{\"@id\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/web-cache-poisoning-dos-attack\\\/#organizationLogo\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/author\\\/kalpblogger\\\/#author\",\"url\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/author\\\/kalpblogger\\\/\",\"name\":\"kalpblogger\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/web-cache-poisoning-dos-attack\\\/#authorImage\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/5e96a9b330da7c941c1e39217a2fbe38?s=96&d=mm&r=g\",\"width\":96,\"height\":96,\"caption\":\"kalpblogger\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/web-cache-poisoning-dos-attack\\\/#webpage\",\"url\":\"https:\\\/
\\\/www.varutra.com\\\/varutravrt3\\\/web-cache-poisoning-dos-attack\\\/\",\"name\":\"Web Cache Poisoning DoS (CPDoS) Attack and it's Mitigation\",\"description\":\"The CPDoS or Cache-Poisoned DoS attack is a web cache poisoning attack. This attack results in the user receiving an error rather than original content.\",\"inLanguage\":\"en-US\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/web-cache-poisoning-dos-attack\\\/#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/author\\\/kalpblogger\\\/#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/author\\\/kalpblogger\\\/#author\"},\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/wp-content\\\/uploads\\\/2021\\\/11\\\/Blogs-Banner-Q4-21.png\",\"@id\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/web-cache-poisoning-dos-attack\\\/#mainImage\",\"width\":1200,\"height\":627,\"caption\":\"Web Cache Poisoning DoS Attack\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/web-cache-poisoning-dos-attack\\\/#mainImage\"},\"datePublished\":\"2021-11-23T11:56:36+05:30\",\"dateModified\":\"2022-12-02T11:29:31+05:30\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/#website\",\"url\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/\",\"name\":\"Varutra Consulting\",\"description\":\"Secure your digital world with our Cybersecurity services.\",\"inLanguage\":\"en-US\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.varutra.com\\\/varutravrt3\\\/#organization\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO Pro -->\r\n\t\t<title>Web Cache Poisoning DoS (CPDoS) Attack and it's Mitigation<\/title>\n\n","aioseo_head_json":{"title":"Web Cache Poisoning DoS (CPDoS) Attack and it's Mitigation","description":"The CPDoS or Cache-Poisoned DoS attack 
is a web cache poisoning attack. This attack results in the user receiving an error rather than original content.","canonical_url":"https:\/\/www.varutra.com\/varutravrt3\/web-cache-poisoning-dos-attack\/","robots":"max-image-preview:large","keywords":"","webmasterTools":{"miscellaneous":""},"og:locale":"en_US","og:site_name":"Varutra Consulting","og:type":"article","og:title":"Web Cache Poisoning DoS (CPDoS) Attack and it's Mitigation","og:description":"The CPDoS or Cache-Poisoned DoS attack is a web cache poisoning attack. This attack results in the user receiving an error rather than original content.","og:url":"https:\/\/www.varutra.com\/varutravrt3\/web-cache-poisoning-dos-attack\/","article:tag":["cache","cache poisoning","cpdos","dos attack","web application security","web cache","web cache vulnerability"],"article:published_time":"2021-11-23T06:26:36+00:00","article:modified_time":"2022-12-02T05:59:31+00:00","twitter:card":"summary_large_image","twitter:title":"Web Cache Poisoning DoS (CPDoS) Attack and it's Mitigation","twitter:description":"The CPDoS or Cache-Poisoned DoS attack is a web cache poisoning attack. This attack results in the user receiving an error rather than original content.","twitter:label1":"Written by","twitter:data1":"kalpblogger","twitter:label2":"Est. 
reading time","twitter:data2":"6 minutes","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.varutra.com\/varutravrt3\/web-cache-poisoning-dos-attack\/#article","name":"Web Cache Poisoning DoS (CPDoS) Attack and it's Mitigation","headline":"Web Cache Poisoning DoS Attack","author":{"@id":"https:\/\/www.varutra.com\/varutravrt3\/author\/kalpblogger\/#author"},"publisher":{"@id":"https:\/\/www.varutra.com\/varutravrt3\/#organization"},"image":{"@type":"ImageObject","url":"https:\/\/www.varutra.com\/varutravrt3\/wp-content\/uploads\/2021\/11\/Blogs-Banner-Q4-21.png","width":1200,"height":627,"caption":"Web Cache Poisoning DoS Attack"},"datePublished":"2021-11-23T11:56:36+05:30","dateModified":"2022-12-02T11:29:31+05:30","inLanguage":"en-US","mainEntityOfPage":{"@id":"https:\/\/www.varutra.com\/varutravrt3\/web-cache-poisoning-dos-attack\/#webpage"},"isPartOf":{"@id":"https:\/\/www.varutra.com\/varutravrt3\/web-cache-poisoning-dos-attack\/#webpage"},"articleSection":"Cyber Attack, Web Application Security, Cache, Cache Poisoning, CPDoS, DoS Attack, web application security, web cache, web cache vulnerability"},{"@type":"BreadcrumbList","@id":"https:\/\/www.varutra.com\/varutravrt3\/web-cache-poisoning-dos-attack\/#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/www.varutra.com\/varutravrt3\/#listItem","position":1,"name":"Home","item":"https:\/\/www.varutra.com\/varutravrt3\/","nextItem":"https:\/\/www.varutra.com\/varutravrt3\/web-cache-poisoning-dos-attack\/#listItem"},{"@type":"ListItem","@id":"https:\/\/www.varutra.com\/varutravrt3\/web-cache-poisoning-dos-attack\/#listItem","position":2,"name":"Web Cache Poisoning DoS 
Attack","previousItem":"https:\/\/www.varutra.com\/varutravrt3\/#listItem"}]},{"@type":"Organization","@id":"https:\/\/www.varutra.com\/varutravrt3\/#organization","name":"Varutra","url":"https:\/\/www.varutra.com\/varutravrt3\/","logo":{"@type":"ImageObject","url":"https:\/\/www.varutra.com\/wp-content\/uploads\/2021\/11\/Varutra-Found-e1612984024606.jpg","@id":"https:\/\/www.varutra.com\/varutravrt3\/web-cache-poisoning-dos-attack\/#organizationLogo"},"image":{"@id":"https:\/\/www.varutra.com\/varutravrt3\/web-cache-poisoning-dos-attack\/#organizationLogo"}},{"@type":"Person","@id":"https:\/\/www.varutra.com\/varutravrt3\/author\/kalpblogger\/#author","url":"https:\/\/www.varutra.com\/varutravrt3\/author\/kalpblogger\/","name":"kalpblogger","image":{"@type":"ImageObject","@id":"https:\/\/www.varutra.com\/varutravrt3\/web-cache-poisoning-dos-attack\/#authorImage","url":"https:\/\/secure.gravatar.com\/avatar\/5e96a9b330da7c941c1e39217a2fbe38?s=96&d=mm&r=g","width":96,"height":96,"caption":"kalpblogger"}},{"@type":"WebPage","@id":"https:\/\/www.varutra.com\/varutravrt3\/web-cache-poisoning-dos-attack\/#webpage","url":"https:\/\/www.varutra.com\/varutravrt3\/web-cache-poisoning-dos-attack\/","name":"Web Cache Poisoning DoS (CPDoS) Attack and it's Mitigation","description":"The CPDoS or Cache-Poisoned DoS attack is a web cache poisoning attack. 
This attack results in the user receiving an error rather than original content.","inLanguage":"en-US","isPartOf":{"@id":"https:\/\/www.varutra.com\/varutravrt3\/#website"},"breadcrumb":{"@id":"https:\/\/www.varutra.com\/varutravrt3\/web-cache-poisoning-dos-attack\/#breadcrumblist"},"author":{"@id":"https:\/\/www.varutra.com\/varutravrt3\/author\/kalpblogger\/#author"},"creator":{"@id":"https:\/\/www.varutra.com\/varutravrt3\/author\/kalpblogger\/#author"},"image":{"@type":"ImageObject","url":"https:\/\/www.varutra.com\/varutravrt3\/wp-content\/uploads\/2021\/11\/Blogs-Banner-Q4-21.png","@id":"https:\/\/www.varutra.com\/varutravrt3\/web-cache-poisoning-dos-attack\/#mainImage","width":1200,"height":627,"caption":"Web Cache Poisoning DoS Attack"},"primaryImageOfPage":{"@id":"https:\/\/www.varutra.com\/varutravrt3\/web-cache-poisoning-dos-attack\/#mainImage"},"datePublished":"2021-11-23T11:56:36+05:30","dateModified":"2022-12-02T11:29:31+05:30"},{"@type":"WebSite","@id":"https:\/\/www.varutra.com\/varutravrt3\/#website","url":"https:\/\/www.varutra.com\/varutravrt3\/","name":"Varutra Consulting","description":"Secure your digital world with our Cybersecurity services.","inLanguage":"en-US","publisher":{"@id":"https:\/\/www.varutra.com\/varutravrt3\/#organization"}}]}},"aioseo_meta_data":{"post_id":"17907","title":"Web Cache Poisoning DoS (CPDoS) Attack and it's Mitigation","description":"The CPDoS or Cache-Poisoned DoS attack is a web cache poisoning attack. 
This attack results in the user receiving an error rather than original content.","keywords":[],"keyphrases":"{\"focus\":{\"keyphrase\":\"Cache Poisoning\",\"score\":90,\"analysis\":{\"keyphraseInTitle\":{\"title\":\"Focus keyphrase in SEO title\",\"description\":\"Focus keyphrase found in SEO title.\",\"score\":9,\"maxScore\":9,\"error\":0},\"keyphraseInDescription\":{\"title\":\"Focus keyphrase in meta description\",\"description\":\"Focus keyphrase found in meta description.\",\"score\":9,\"maxScore\":9,\"error\":0},\"keyphraseLength\":{\"title\":\"Focus keyphrase length\",\"description\":\"Good job!\",\"score\":9,\"maxScore\":9,\"error\":0,\"length\":2},\"keyphraseInURL\":{\"title\":\"Focus keyphrase in URL\",\"description\":\"Focus keyphrase used in the URL.\",\"score\":5,\"maxScore\":5,\"error\":0},\"keyphraseInIntroduction\":{\"title\":\"Focus keyphrase in introduction\",\"description\":\"Your Focus keyphrase does not appear in the first paragraph. Make sure the topic is clear immediately.\",\"score\":3,\"maxScore\":9,\"error\":1},\"keyphraseInSubHeadings\":{\"title\":\"Focus keyphrase in Subheadings\",\"description\":\"Your H2 and H3 subheadings reflects the topic of your copy. Good job!\",\"score\":9,\"maxScore\":9,\"error\":0},\"keyphraseInImageAlt\":{\"title\":\"Focus keyphrase in image alt attributes\",\"description\":\"Focus keyphrase found in image alt attribute(s).\",\"score\":9,\"maxScore\":9,\"error\":0}}},\"additional\":[{\"keyphrase\":\"DoS Attack\",\"score\":83,\"analysis\":{\"keyphraseInDescription\":{\"title\":\"Keyphrase in meta description\",\"description\":\"Keyphrase found in meta description.\",\"score\":9,\"maxScore\":9,\"error\":0},\"keyphraseLength\":{\"title\":\"Keyphrase length\",\"description\":\"Good job!\",\"score\":9,\"maxScore\":9,\"error\":0,\"length\":2},\"keyphraseInIntroduction\":{\"title\":\"Keyphrase in introduction\",\"description\":\"Your Keyphrase does not appear in the first paragraph. 
Make sure the topic is clear immediately.\",\"score\":3,\"maxScore\":9,\"error\":1},\"keyphraseInImageAlt\":{\"title\":\"Keyphrase in image alt attributes\",\"description\":\"Keyphrase found in image alt attribute(s).\",\"score\":9,\"maxScore\":9,\"error\":0}}},{\"keyphrase\":\"CPDoS\",\"score\":83,\"analysis\":{\"keyphraseInDescription\":{\"title\":\"Keyphrase in meta description\",\"description\":\"Keyphrase found in meta description.\",\"score\":9,\"maxScore\":9,\"error\":0},\"keyphraseLength\":{\"title\":\"Keyphrase length\",\"description\":\"Good job!\",\"score\":9,\"maxScore\":9,\"error\":0,\"length\":1},\"keyphraseInIntroduction\":{\"title\":\"Keyphrase in introduction\",\"description\":\"Your Keyphrase does not appear in the first paragraph. Make sure the topic is clear immediately.\",\"score\":3,\"maxScore\":9,\"error\":1},\"keyphraseInImageAlt\":{\"title\":\"Keyphrase in image alt attributes\",\"description\":\"Keyphrase found in image alt attribute(s).\",\"score\":9,\"maxScore\":9,\"error\":0}}},{\"keyphrase\":\"Cache\",\"score\":83,\"analysis\":{\"keyphraseInDescription\":{\"title\":\"Keyphrase in meta description\",\"description\":\"Keyphrase found in meta description.\",\"score\":9,\"maxScore\":9,\"error\":0},\"keyphraseLength\":{\"title\":\"Keyphrase length\",\"description\":\"Good job!\",\"score\":9,\"maxScore\":9,\"error\":0,\"length\":1},\"keyphraseInIntroduction\":{\"title\":\"Keyphrase in introduction\",\"description\":\"Your Keyphrase does not appear in the first paragraph. 
Make sure the topic is clear immediately.\",\"score\":3,\"maxScore\":9,\"error\":1},\"keyphraseInImageAlt\":{\"title\":\"Keyphrase in image alt attributes\",\"description\":\"Keyphrase found in image alt attribute(s).\",\"score\":9,\"maxScore\":9,\"error\":0}}},{\"keyphrase\":\"Web Cache Poisoning\",\"score\":83,\"analysis\":{\"keyphraseInDescription\":{\"title\":\"Keyphrase in meta description\",\"description\":\"Keyphrase found in meta description.\",\"score\":9,\"maxScore\":9,\"error\":0},\"keyphraseLength\":{\"title\":\"Keyphrase length\",\"description\":\"Good job!\",\"score\":9,\"maxScore\":9,\"error\":0,\"length\":3},\"keyphraseInIntroduction\":{\"title\":\"Keyphrase in introduction\",\"description\":\"Your Keyphrase does not appear in the first paragraph. Make sure the topic is clear immediately.\",\"score\":3,\"maxScore\":9,\"error\":1},\"keyphraseInImageAlt\":{\"title\":\"Keyphrase in image alt attributes\",\"description\":\"Keyphrase found in image alt attribute(s).\",\"score\":9,\"maxScore\":9,\"error\":0}}},{\"keyphrase\":\"Web Cache Poisoning Attack\",\"score\":67,\"analysis\":{\"keyphraseInDescription\":{\"title\":\"Keyphrase in meta description\",\"description\":\"Keyphrase found in meta description.\",\"score\":9,\"maxScore\":9,\"error\":0},\"keyphraseLength\":{\"title\":\"Keyphrase length\",\"description\":\"Good job!\",\"score\":9,\"maxScore\":9,\"error\":0,\"length\":4},\"keyphraseInIntroduction\":{\"title\":\"Keyphrase in introduction\",\"description\":\"Your Keyphrase does not appear in the first paragraph. Make sure the topic is clear immediately.\",\"score\":3,\"maxScore\":9,\"error\":1},\"keyphraseInImageAlt\":{\"title\":\"Keyphrase in image alt attributes\",\"description\":\"Keyphrase not found in image alt attribute(s). 
Add an image with your Keyphrase as alt text.\",\"score\":3,\"maxScore\":9,\"error\":1}}},{\"keyphrase\":\"DoS\",\"score\":83,\"analysis\":{\"keyphraseInDescription\":{\"title\":\"Keyphrase in meta description\",\"description\":\"Keyphrase found in meta description.\",\"score\":9,\"maxScore\":9,\"error\":0},\"keyphraseLength\":{\"title\":\"Keyphrase length\",\"description\":\"Good job!\",\"score\":9,\"maxScore\":9,\"error\":0,\"length\":1},\"keyphraseInIntroduction\":{\"title\":\"Keyphrase in introduction\",\"description\":\"Your Keyphrase does not appear in the first paragraph. Make sure the topic is clear immediately.\",\"score\":3,\"maxScore\":9,\"error\":1},\"keyphraseInImageAlt\":{\"title\":\"Keyphrase in image alt attributes\",\"description\":\"Keyphrase found in image alt attribute(s).\",\"score\":9,\"maxScore\":9,\"error\":0}}}]}","primary_term":null,"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"default","og_image_url":null,"og_image_width":null,"og_image_height":null,"og_image_custom_url":null,"og_image_custom_fields":null,"og_video":"","og_custom_url":null,"og_article_section":null,"og_article_tags":[],"twitter_use_og":false,"twitter_card":"default","twitter_image_type":"default","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"","isEnabled":true},"graphs":[]},"schema_type":"default","schema_type_options":"{\"article\":{\"articleType\":\"BlogPosting\"},\"course\":{\"name\":\"\",\"description\":\"\",\"provider\":\"\"},\"faq\":{\"pages\":[]},\"product\":{\"reviews\":[]},\"recipe\":{\"ingredients\":[],\"instructions\":[],\"keywords\":[]},\"software\":{\"reviews\":[],\"operatingSystems\":[]}
,\"webPage\":{\"webPageType\":\"WebPage\"}}","pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":"-1","robots_max_videopreview":"-1","robots_max_imagepreview":"large","priority":null,"frequency":"default","local_seo":null,"limit_modified_date":false,"open_ai":null,"created":"2021-11-23 05:49:53","updated":"2022-12-02 06:12:37"},"aioseo_breadcrumb":"<div class=\"aioseo-breadcrumbs\"><span class=\"aioseo-breadcrumb\">\n\t<a href=\"https:\/\/www.varutra.com\/varutravrt3\" title=\"Home\">Home<\/a>\n<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t<a href=\"https:\/\/www.varutra.com\/varutravrt3\/category\/cyber-attack\/\" title=\"Cyber Attack\">Cyber Attack<\/a>\n<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\tWeb Cache Poisoning DoS Attack\n<\/span><\/div>","aioseo_breadcrumb_json":[{"label":"Home","link":"https:\/\/www.varutra.com\/varutravrt3"},{"label":"Cyber Attack","link":"https:\/\/www.varutra.com\/varutravrt3\/category\/cyber-attack\/"},{"label":"Web Cache Poisoning DoS 
Attack","link":"https:\/\/www.varutra.com\/varutravrt3\/web-cache-poisoning-dos-attack\/"}],"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/www.varutra.com\/varutravrt3\/wp-json\/wp\/v2\/posts\/17907"}],"collection":[{"href":"https:\/\/www.varutra.com\/varutravrt3\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.varutra.com\/varutravrt3\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.varutra.com\/varutravrt3\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.varutra.com\/varutravrt3\/wp-json\/wp\/v2\/comments?post=17907"}],"version-history":[{"count":5,"href":"https:\/\/www.varutra.com\/varutravrt3\/wp-json\/wp\/v2\/posts\/17907\/revisions"}],"predecessor-version":[{"id":20213,"href":"https:\/\/www.varutra.com\/varutravrt3\/wp-json\/wp\/v2\/posts\/17907\/revisions\/20213"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.varutra.com\/varutravrt3\/wp-json\/wp\/v2\/media\/17924"}],"wp:attachment":[{"href":"https:\/\/www.varutra.com\/varutravrt3\/wp-json\/wp\/v2\/media?parent=17907"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.varutra.com\/varutravrt3\/wp-json\/wp\/v2\/categories?post=17907"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.varutra.com\/varutravrt3\/wp-json\/wp\/v2\/tags?post=17907"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}