Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception

Summary Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control headers such as Cache-Control: private or Cache-Control: no-store, which may result in private or...

Security Bulletin: IBM OpenPages Application API Response Caching Header Update

Summary Some IBM OpenPages API responses currently use the caching directive Cache-Control: max-age=0 instead of the more secure Cache-Control: no-store. While max-age=0 means the content is immediately stale, it may still be stored temporarily in browsers or intermediary caches. For sensitive...

Take control of Cache-Control and local caching

TL;DR Caching speeds up website content delivery What caching directives are and how to use them The No-cache directive does not prevent caching The No-store directiveprevents caching Introduction The HTTP Cache-Control header is sometimes misunderstood. It's important because it is used to speci...

SUSE CVE-2009-0358

Mozilla Firefox 3.x before 3.0.6 does not properly implement the 1 no-store and 2 no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the a back button or b history list of the victim's browser, as demonstrated by reading the response page of an...

SUSE CVE-2018-5131

Under certain circumstances the "fetch" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessib...

CVE-2018-5131

Under certain circumstances the "fetch" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessib...

DEBIAN-CVE-2018-5131

Under certain circumstances the "fetch" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessib...

CVE-2018-5131

Under certain circumstances the "fetch" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessib...

USN-3596-2 firefox regression

USN-3596-1 fixed vulnerabilities in Firefox. The update caused an issue where it was not possible to customize the toolbars when running Firefox in Unity. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in...

Mozilla: Fetch API improperly returns cached copies of no-store/no-cache resources (MFSA 2018-07)

Under certain circumstances the "fetch" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessib...

Mozilla: Fetch API improperly returns cached copies of no-store/no-cache resources (MFSA 2018-07)

Under certain circumstances the "fetch" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessib...

UBUNTU-CVE-2018-5131

Under certain circumstances the "fetch" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessib...

Provide HTTP headers for the content that absolutely must not be cached on the client

We have to provide the following HTTP headers in all responses containing sensitive content: Cache-control: no-store Pragma: no-cache We have identified some files at the following path, where we need to provide above headers. We are not able to identify the jsp pages or servlet, so that we can...

Firefox directives to not cache pages ignored

Mozilla Firefox 3.x before 3.0.6 does not properly implement the 1 no-store and 2 no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the a back button or b history list of the victim's browser, as demonstrated by reading the response page of an...

CVE-2008-2143

CVE-2008-2143 affects unspecified Microsoft Outlook Web Access (OWA) versions. The underlying issue is that OWA uses Cache-Control: no-cache instead of no-store, which may allow browsers following RFC-2616 to cache sensitive information. Impact is potential exposure of cached data; no exploitatio...