CPDoS attack can poison CDNs to deliver error pages instead of legitimate sites
ZD Net – Catalin Cimpanu
Two academics from the Technical University of Cologne (TH Köln) disclosed this week a new type of web attack that can poison content delivery networks (CDNs) into caching and then serving error pages instead of legitimate websites. The new attack has been named CPDoS (Cache-Poisoned Denial-of-Service), has three variants, and has been deemed practical in the real world (unlike most other web cache attacks). According to the research team, the three variants differ in how attackers decide to structure the malformed header. The names are self-explanatory: the variants use oversized header fields, meta characters that trigger errors, or instructions that override normal server responses. Fortunately, mitigations against CPDoS attacks exist. The simplest solution is for website owners to configure their CDN service not to cache HTTP error pages by default.
Link: https://www.zdnet.com/article/cpdos-attack-can-poison-cdns-to-deliver-error-pages-instead-of-legitimate-sites/
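To show why the mitigation above works, here is an added example (not from the article or the researchers) that models a shared cache in front of an origin and compares a policy that stores error responses with one that does not. The header limit, the path-only cache key, the host name and all function and class names are assumptions made for this toy model.

```python
# Toy model, constructed for illustration: a shared cache in front of an origin.
# Assumption: the cache tier forwards headers larger than the origin accepts.
ORIGIN_MAX_HEADER_BYTES = 8192  # hypothetical origin limit


def origin(path, headers):
    """Origin rejects requests whose header block exceeds its own limit."""
    size = sum(len(k) + len(v) for k, v in headers.items())
    if size > ORIGIN_MAX_HEADER_BYTES:
        return 400, "Bad Request"
    return 200, f"content of {path}"


class SharedCache:
    def __init__(self, cache_errors):
        self.cache_errors = cache_errors  # True models the risky default
        self.store = {}

    def get(self, path, headers):
        # The cache key is the path only: request headers are forwarded to
        # the origin but do not distinguish one cache entry from another.
        if path in self.store:
            return self.store[path]
        status, body = origin(path, headers)
        # Mitigation: store the response only if it is not an error page.
        if status < 400 or self.cache_errors:
            self.store[path] = (status, body)
        return status, body


def simulate(cache_errors):
    """Return the status codes seen by a malformed request and the next visitor."""
    cache = SharedCache(cache_errors)
    oversized = {"Host": "example.test", "X-Padding": "A" * 9000}  # constructed
    normal = {"Host": "example.test"}
    first = cache.get("/index.html", oversized)  # malformed request arrives first
    second = cache.get("/index.html", normal)    # ordinary visitor afterwards
    return first[0], second[0]


if __name__ == "__main__":
    print("error pages cached:    ", simulate(True))
    print("error pages not cached:", simulate(False))
```

When error pages are cached, the ordinary visitor receives the stored 400 response; when they are not, the same visitor reaches the origin and gets the page.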