Cache Poisoning

medium

cache-poisoning

Attacker injects malicious content into cache to serve compromised data to users

TamperingInformation Disclosure

MITRE ATT&CK techniques

ID	Name	Tactic
T1557	Adversary-in-the-Middle	Credential Access

Common Weakness Enumeration

Mitigating controls

ctrl-cache-1: Implement strict cache key validation
ctrl-cache-2: Use signed URLs or cache tokens
ctrl-cache-3: Configure appropriate cache headers and TTLs
ctrl-cache-4: Monitor cache hit rates for anomalies

References

https://owasp.org/www-community/attacks/Cache_Poisoning