
Information Disclosure via X-LiteSpeed-Vary Header

Description

The 'X-LiteSpeed-Vary' header indicates that LiteSpeed Web Server uses vary-based caching, and its value reveals which request headers or parameters cause cached responses to differ. An attacker who learns these vary rules can craft requests that manipulate cache behavior, potentially leading to cache poisoning, stale content delivery, or unauthorized data exposure. Knowing how the server classifies requests also helps an attacker probe the underlying application logic, bypass certain rules, or force cache misses that degrade performance. Disclosing this header therefore expands the application's attack surface by exposing a cache variation mechanism that would otherwise remain internal.

Remediation

Remove or mask the 'X-LiteSpeed-Vary' header so it does not reveal internal caching variation details to untrusted clients. Configure the LiteSpeed Web Server or any intermediaries (proxies, CDNs) to strip or rewrite headers that disclose caching logic. Keep your LiteSpeed setup and any caching plugins updated to address security patches for known issues. Employ a Web Application Firewall (WAF) or intrusion detection system to detect requests that attempt to abuse cache variation. Regularly audit header configurations and logs to confirm no sensitive caching or application details are unintentionally exposed through response headers.
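The audit step above can be automated. The following is an added example, not part of the original finding text: it parses a raw HTTP response and reports any header that discloses cache variation or other caching internals. X-LiteSpeed-Vary is the header this finding describes; the other LiteSpeed header names in the list come from LiteSpeed's LSCache documentation and should be verified against your server version (an assumption of this example). Both sample responses are constructed and were not captured from any real server.

```python
"""Audit HTTP response headers for cache-variation disclosure.

Added example (not from the original finding text): parses a raw HTTP/1.1
response and reports headers that reveal LiteSpeed cache variation or other
caching internals to the client. Sample responses below are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass

# Header names that disclose caching internals. X-LiteSpeed-Vary is the one
# described in the finding; the remaining LiteSpeed names are taken from the
# LSCache documentation (assumption: verify against your server version).
DISCLOSING_HEADERS = {
    "x-litespeed-vary": "reveals the rules by which cached responses are varied",
    "x-litespeed-cache": "reveals cache hit/miss status",
    "x-litespeed-tag": "reveals internal cache tags",
    "x-litespeed-cache-control": "reveals cache TTL and scope directives",
}


@dataclass(frozen=True)
class Finding:
    header: str
    value: str
    reason: str


def parse_response_headers(raw: str) -> dict[str, list[str]]:
    """Parse the status line and header block of a raw HTTP response.

    Returns a mapping of lower-cased header name to the list of values seen
    (a header may legitimately repeat). Folded (obs-fold) continuation lines
    are joined onto the previous value. The body, if any, is ignored.
    """
    head, _, _body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    if not lines or not lines[0].startswith("HTTP/"):
        raise ValueError("not an HTTP response: missing status line")
    headers: dict[str, list[str]] = {}
    last_name: str | None = None
    for line in lines[1:]:
        if not line.strip():
            continue
        if line[0] in " \t" and last_name is not None:
            # obs-fold continuation: append to the previous header's value
            headers[last_name][-1] += " " + line.strip()
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        last_name = name.strip().lower()
        headers.setdefault(last_name, []).append(value.strip())
    return headers


def audit_response(raw: str) -> list[Finding]:
    """Return one Finding per disclosing header value present in the response."""
    headers = parse_response_headers(raw)
    findings: list[Finding] = []
    for name, values in headers.items():
        if name in DISCLOSING_HEADERS:
            for value in values:
                findings.append(Finding(name, value, DISCLOSING_HEADERS[name]))
    return findings


def is_clean(raw: str) -> bool:
    """True when the response exposes none of the disclosing headers."""
    return not audit_response(raw)


# Constructed sample responses (not captured from any real server).
LEAKY_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "X-LiteSpeed-Cache: hit\r\n"
    "X-LiteSpeed-Vary: value=cookie_session,value=is_mobile\r\n"
    "Vary: Accept-Encoding\r\n"
    "\r\n"
    "<html>...</html>"
)

HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Vary: Accept-Encoding\r\n"
    "Cache-Control: private, no-store\r\n"
    "\r\n"
    "<html>...</html>"
)

if __name__ == "__main__":
    for label, resp in (("leaky", LEAKY_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(f"{label}:")
        for f in audit_response(resp):
            print(f"  {f.header}: {f.value!r} -> {f.reason}")
        if is_clean(resp):
            print("  no cache-variation disclosure")
```

Run the script as-is to see the leaky sample flagged twice and the hardened sample pass; to audit a real deployment, feed `audit_response` the raw response text captured by your HTTP client and fail the check whenever it returns a non-empty list. The standard `Vary` header is deliberately not flagged: it is part of HTTP caching semantics and does not expose LiteSpeed-specific variation rules.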

References

https://www.litespeedtech.com/docs
https://owasp.org/www-community/attacks/Cache_poisoning

Severity

MEDIUM

OWASP

Code: A05:2021

Category: Security Misconfiguration

Classification

CWE-200
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

5.4

CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

5.4