The 'X-LiteSpeed-Cache-Control' header is an internal directive used by LiteSpeed Web Server's LSCache module: the application (for example, the LiteSpeed Cache plugin) sets it on a response to tell the server whether and for how long that response may be cached (values such as 'public,max-age=...' or 'no-cache'). It is meant to be consumed by the server, not delivered to the client. When it reaches the browser, it discloses that the site runs LiteSpeed and reveals the per-response caching policy, so an attacker can map which pages are cached, for how long, and which are excluded. That knowledge does not by itself compromise the site, but it makes cache-related attacks easier to plan: identifying responses that can be poisoned with a crafted request, finding cacheable responses that contain user-specific content (cache deception), or serving stale content after a separate vulnerability has been exploited. Exposing these internal directives therefore widens the attack surface by giving a malicious actor a clearer picture of the caching layer than they should have.
Remove the 'X-LiteSpeed-Cache-Control' header from production responses so that internal caching directives are not leaked. If the header is reaching clients, check first whether LSCache is actually enabled on the server that serves the site: the header is normally consumed there, and its presence in client responses often means the application is emitting it for a cache module that is not processing it. Configure LiteSpeed Web Server and any reverse proxies or CDNs in front of it to strip or rewrite headers that disclose caching details (the related 'X-LiteSpeed-Tag' and 'X-LiteSpeed-Vary' headers should be treated the same way). Keep the LiteSpeed server and its caching modules patched so that known cache-related issues are mitigated. A Web Application Firewall (WAF) or intrusion detection system can help spot attempts at cache manipulation or poisoning. Periodically review and test the caching configuration, for example by requesting representative pages and inspecting the response headers, to confirm that internal directives are no longer exposed.
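The following POSIX shell script is an added example for the periodic review step above; it is not part of the original finding and is not LiteSpeed's own tooling. It reads raw HTTP response headers, flags the LiteSpeed-internal directive headers ('X-LiteSpeed-Cache-Control', 'X-LiteSpeed-Tag', 'X-LiteSpeed-Vary', 'X-LiteSpeed-Purge') that should not reach a client, and exits non-zero when any are found so it can run from a CI job or cron. The sample responses, the helper names and the choice to leave the hit/miss indicator 'X-LiteSpeed-Cache' out of the check are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the original page: audit an HTTP response for
# LiteSpeed-internal cache directive headers that should have been
# consumed by the server rather than sent to the client.

# Constructed sample of a response that leaks internal directives.
SAMPLE_LEAKY_RESPONSE='HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate
X-LiteSpeed-Cache-Control: public,max-age=604800
X-LiteSpeed-Tag: home,post_1
X-LiteSpeed-Cache: hit
'

# Constructed sample of a response with only standard cache headers.
SAMPLE_CLEAN_RESPONSE='HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=604800
Vary: Accept-Encoding
'

# find_leaked_cache_headers: read raw response headers on stdin, print
# every LiteSpeed-internal directive header as "LEAK: <header line>".
# Returns 1 if at least one was found, 0 otherwise.
find_leaked_cache_headers() {
    found=0
    while IFS= read -r line; do
        # Drop the CR of CRLF line endings and compare names case-insensitively,
        # since header names are case-insensitive on the wire.
        line=$(printf '%s' "$line" | tr -d '\r')
        name=$(printf '%s' "$line" | cut -d: -f1 | tr 'A-Z' 'a-z')
        case "$name" in
            x-litespeed-cache-control|x-litespeed-tag|x-litespeed-vary|x-litespeed-purge)
                printf 'LEAK: %s\n' "$line"
                found=1
                ;;
        esac
        # X-LiteSpeed-Cache (hit/miss) is deliberately not matched here: it
        # reveals that LSCache is present but not the caching directives.
    done
    return $found
}

# count_leaked_cache_headers: read raw response headers on stdin and print
# the number of leaked directive headers (0 when clean).
count_leaked_cache_headers() {
    find_leaked_cache_headers | grep -c '^LEAK:' || true
}

# check_url: fetch a URL with a GET (not HEAD, since some applications set
# different headers on HEAD) and audit the response headers only.
# Usage: check_url https://www.example.com/
check_url() {
    curl -sS -o /dev/null -D - --max-time 15 "$1" | find_leaked_cache_headers
}
```

Run it as `check_url https://your-site.example/` against a few representative pages (home page, a logged-in page, an API endpoint) after changing the configuration; a zero exit status means no internal directive headers were seen. If the origin sits behind an nginx reverse proxy, `proxy_hide_header X-LiteSpeed-Cache-Control;` (and the same for the other names above) strips the header at the proxy; that directive is standard nginx and is mentioned here as one option, not as part of the original remediation text.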
Code: A05:2021
Category: Security Misconfiguration
5.4