Cache Poisoning Affecting silverstripe/framework package, versions >=4.0.0, <4.4.7>=4.5.0, <4.5.4>=3.0.0, <3.7.5
Threat Intelligence
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-PHP-SILVERSTRIPEFRAMEWORK-584903
- published16 Jul 2020
- disclosed16 Jul 2020
- creditmemN0ps, Aura Information Security, Will Boucher, Pulse Security, Sabine Degen
Introduced: 16 Jul 2020
CVE-2019-19326 (opens in a new tab)How to fix?
Upgrade silverstripe/framework to version 4.4.7, 4.5.4, 3.7.5 or higher.
Overview
silverstripe/framework is a PHP framework forming the base for the SilverStripe CMS.
Affected versions of this package are vulnerable to Cache Poisoning. Silverstripe CMS sites which have opted into HTTP Cache Headers on responses served by the framework's HTTP layer can be vulnerable to web cache poisoning. Through modifying the X-Original-Url and X-HTTP-Method-Override headers, responses with malicious HTTP headers can return unexpected responses to other consumers of this cached response. Most other headers associated with web cache poisoning are already disabled through request hostname forgery whitelists.
Silverstripe CMS also supports an alternative means to override a request's HTTP method by including a _method parameter in a POST request. This behaves similarly to the X-HTTP-Method-Override headers and is susceptible to the same vulnerability.
The impact of this vulnerability depends on how you are using request data. The risk potential increases when your site allows user contributed content (such as comments or wiki-style pages).
In addition to public cache headers such as Cache-Control: max-age=<age>, there needs to be an intermediary HTTP cache between the website user and the server. This role is often filled by Content Delivery Networks (CDNs) and system components such as Varnish, but can also appear in the user's own network path (corporate proxies).