New Web Attack Poisons CDN Sites To Display Error Pages

It has been reported that two academics from the Technical University of Cologne (TH Koln) have disclosed a new type of web attack that can poison content delivery networks (CDNs) into caching and then serving error pages instead of legitimate websites.

The new attack has been named CPDoS (Cache-Poisoned Denial-of-Service), has three variants, and has been deemed practical in the real world (unlike most other web cache attacks).

Notify of

1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Martin Jartelius
Martin Jartelius , CSO
InfoSec Expert
October 24, 2019 1:48 pm

This, of course, is interesting as it introduces a risk towards availability by abusing the exact systems used just for the purpose of ensuring increased availability. For cloud providers, we expect a rather fast resolution. For local cache and proxy systems, this could remain a problem for some time. Organizations taking a position regarding prioritization here have to consider that this is an attack on availability, so investigate potentially affected systems. If their availability is critical to you, take appropriate measures with the recommended mitigations that exist.

Last edited 2 years ago by Martin Jartelius
Information Security Buzz
Would love your thoughts, please comment.x