Details
Alert Id: 40039
Alert Type: Active
Status: alpha
Risk: Medium
CWE:
WASC:
Tags: OWASP_2017_A06, OWASP_2021_A05, WSTG-V42-ATHN-06

Summary

Web cache deception may be possible. It may be possible for an unauthorised user to view sensitive data on this page.

Solution

It is strongly advised to refrain from classifying file types (such as images or stylesheets) solely by their URL and file extension. Instead, make sure that responses are cached based on their Content-Type header.
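The contrast the solution describes, as an added example that is not code from the ZAP scan rule or its documentation: a toy cache-eligibility check that decides by URL extension (the pattern the alert warns about) beside one that decides by the origin's Content-Type and Cache-Control headers. The class, function and constant names, the extension and media-type lists, and the two sample responses are all constructed for illustration and are not taken from ZAP.

```python
# Added example, not code from the ZAP scan rule or its documentation. It
# models the caching decision the Solution describes: a cache that decides
# eligibility from the URL's file extension versus one that decides from the
# origin's Content-Type and Cache-Control headers. All names and sample
# responses below are constructed for illustration.
from dataclasses import dataclass
from urllib.parse import urlparse

# Extensions an extension-based cache treats as "static" (assumed list).
STATIC_EXTENSIONS = {".css", ".js", ".png", ".jpg", ".gif", ".svg", ".ico", ".woff2"}

# Media types the hardened cache is willing to store (assumed list).
CACHEABLE_MEDIA_TYPES = {
    "text/css", "application/javascript", "text/javascript",
    "image/png", "image/jpeg", "image/gif", "image/svg+xml",
    "image/x-icon", "font/woff2",
}


@dataclass(frozen=True)
class OriginResponse:
    """Minimal view of an origin response as a cache would see it."""
    url: str
    content_type: str
    cache_control: str = ""


def cacheable_by_extension(resp: OriginResponse) -> bool:
    """The pattern the alert warns about: classify by URL extension only.

    The origin's headers are never consulted, so a request whose path merely
    ends in ".css" is stored even when the body is a private HTML page.
    """
    path = urlparse(resp.url).path.lower()
    return any(path.endswith(ext) for ext in STATIC_EXTENSIONS)


def _directives(cache_control: str) -> set[str]:
    """Parse 'private, max-age=0' into {'private', 'max-age'} (names only)."""
    return {
        d.strip().split("=", 1)[0].lower()
        for d in cache_control.split(",")
        if d.strip()
    }


def cacheable_by_content_type(resp: OriginResponse) -> bool:
    """Hardened decision: honour Cache-Control first, then the Content-Type.

    The URL and its extension play no part; only what the origin actually
    sent decides whether the response may be shared between users.
    """
    directives = _directives(resp.cache_control)
    if directives & {"no-store", "private"}:
        return False
    media_type = resp.content_type.split(";", 1)[0].strip().lower()
    return media_type in CACHEABLE_MEDIA_TYPES


# Constructed sample responses.
# A genuine stylesheet: both checks agree it may be cached.
STYLESHEET = OriginResponse(
    url="https://example.test/static/app.css",
    content_type="text/css; charset=utf-8",
    cache_control="public, max-age=86400",
)
# The failure mode behind the alert: the path ends in ".css", but the origin
# ignored the suffix and served the user's private account page as HTML.
MISLABELLED_PAGE = OriginResponse(
    url="https://example.test/account/settings/nonexistent.css",
    content_type="text/html; charset=utf-8",
    cache_control="private, no-store",
)


def audit(responses=(STYLESHEET, MISLABELLED_PAGE)) -> dict[str, tuple[bool, bool]]:
    """Return {url: (extension_decision, content_type_decision)} for review."""
    return {
        r.url: (cacheable_by_extension(r), cacheable_by_content_type(r))
        for r in responses
    }


if __name__ == "__main__":
    for url, (by_ext, by_type) in audit().items():
        print(f"{url}\n  by extension: {by_ext}\n  by Content-Type: {by_type}")
```

Running the block shows the two decisions agreeing on the real stylesheet and diverging on the mislabelled page: the extension check would store a private HTML response under a shareable key, while the Content-Type check refuses it both because the origin marked it `private, no-store` and because `text/html` is not a type the cache is configured to share. A cache layer or CDN rule that keys off the response headers this way removes the URL suffix from the decision entirely.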

References

Code

org/zaproxy/zap/extension/ascanrulesAlpha/WebCacheDeceptionScanRule.java