Information Disclosure via X-LiteSpeed-Tag Header
Description
The 'X-LiteSpeed-Tag' header indicates that LiteSpeed Web Server’s tag-based cache invalidation or categorization mechanism is in use. By exposing these tag details, attackers may gain insights into how cached content is grouped or managed, potentially enabling them to craft attacks such as cache poisoning, targeted invalidation, or replay of stale resources. Knowledge of specific cache tag structures or conventions can also help adversaries perform more precise reconnaissance on the server’s caching strategy. Ultimately, disclosing this header broadens the application’s attack surface by revealing internal caching logic that could be manipulated or exploited.
Remediation
Remove or mask the 'X-LiteSpeed-Tag' header from production responses so as not to disclose internal cache tagging mechanisms. Configure LiteSpeed Web Server to omit identifying tags, or sanitize them in responses. If you use reverse proxies, CDNs, or load balancers, ensure they do not re-inject or expose these tags. Keep the LiteSpeed server software and any caching plugins updated to address known vulnerabilities. Deploy a Web Application Firewall (WAF) or intrusion detection system to detect suspicious patterns aiming at cache manipulation or tagging exploitation. Regularly audit header configurations to confirm that no sensitive cache details are inadvertently leaked.
References
https://www.litespeedtech.com/docshttps://owasp.org/www-community/attacks/Cache_poisoningSeverity
MEDIUMOwasp
Code: A05:2021
Category: Security Misconfiguration
Classification
5.4
5.4