Parameter Cloaking

The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Locations
Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program

Get Social

Connect with experts and join the conversation about Radware technologies.

Blog
Security Research Center
CyberPedia

Parameter Cloaking

Contact Radware Sales

Already a Customer?

Get Social

Solutions

Free Assessment Tools

Products & Services

By Industry

Solutions

Products & Services

By Industry

Solutions

Products & Services

By Industry

Solutions

Products & Services

By Industry

Solutions

Products & Services

Documents

Events

Blog

Software Downloads

Security Research Center

Free Assessment Tools

Parameter Cloaking

Contact Radware Sales

Already a Customer?

Get Social

What are you looking for?