It has been reported that two academics from the Technical University of Cologne (TH Koln) have disclosed a new type of web attack that can poison content delivery networks (CDNs) into caching and then serving error pages instead of legitimate websites.
The new attack has been named CPDoS (Cache-Poisoned Denial-of-Service), has three variants, and has been deemed practical in the real world (unlike most other web cache attacks).
This, of course, is interesting as it introduces a risk towards availability by abusing the exact systems used just for the purpose of ensuring increased availability. For cloud providers, we expect a rather fast resolution. For local cache and proxy systems, this could remain a problem for some time. Organizations taking a position regarding prioritization here have to consider that this is an attack on availability, so investigate potentially affected systems. If their availability is critical to you, take appropriate measures with the recommended mitigations that exist.