Cache Poisoning Affecting silverstripe/framework package, versions >=4.0.0, <4.4.7; >=4.5.0, <4.5.4; >=3.0.0, <3.7.5


Severity

medium

CVSS assessment made by Snyk's Security Team.

Threat Intelligence

EPSS: 0.08% (38th percentile)

  • Snyk ID: SNYK-PHP-SILVERSTRIPEFRAMEWORK-584903
  • published: 16 Jul 2020
  • disclosed: 16 Jul 2020
  • credit: memN0ps, Aura Information Security, Will Boucher, Pulse Security, Sabine Degen

Introduced: 16 Jul 2020

CVE-2019-19326
CWE-444

How to fix?

Upgrade silverstripe/framework to version 4.4.7, 4.5.4, 3.7.5 or higher.

Overview

silverstripe/framework is a PHP framework forming the base for the SilverStripe CMS.

Affected versions of this package are vulnerable to Cache Poisoning. Silverstripe CMS sites that have opted into HTTP cache headers on responses served by the framework's HTTP layer can be vulnerable to web cache poisoning. By modifying the X-Original-Url and X-HTTP-Method-Override request headers, an attacker can cause an unexpected response to be cached and then returned to other consumers of that cached response. Most other headers associated with web cache poisoning are already disabled through request hostname forgery whitelists.

Silverstripe CMS also supports an alternative means to override a request's HTTP method by including a _method parameter in a POST request. This behaves similarly to the X-HTTP-Method-Override header and is susceptible to the same vulnerability.

The impact of this vulnerability depends on how you are using request data. The risk potential increases when your site allows user-contributed content (such as comments or wiki-style pages).

In addition to public cache headers such as Cache-Control: max-age=<age>, there needs to be an intermediary HTTP cache between the website user and the server. This role is often filled by Content Delivery Networks (CDNs) and system components such as Varnish, but can also appear in the user's own network path (corporate proxies).
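The two preconditions described above (an override header or _method parameter on the request, and a response that a shared cache may store) can be checked together over captured request/response pairs. The following is an added example, not code from Snyk or Silverstripe; the record layout, the function names and the sample exchanges are assumptions constructed for illustration, and the cacheability check is deliberately simplified.

```python
from urllib.parse import parse_qs

# Override vectors named in the advisory (header names compared lowercase).
OVERRIDE_HEADERS = ("x-original-url", "x-http-method-override")

def _get(headers, name):
    """Case-insensitive header lookup; returns '' when absent."""
    return next((v for k, v in headers.items() if k.lower() == name), "")

def override_vectors(method, headers, body=""):
    """List the override vectors present in one request."""
    found = [h for h in OVERRIDE_HEADERS if _get(headers, h)]
    # The _method form parameter only applies to POST requests.
    if method.upper() == "POST" and "_method" in parse_qs(body):
        found.append("_method")
    return found

def shared_cacheable(resp_headers):
    """Simplified check: may a shared cache store and reuse this response?"""
    directives = {}
    for part in _get(resp_headers, "cache-control").split(","):
        key, _, value = part.strip().partition("=")
        directives[key.lower()] = value
    if "private" in directives or "no-store" in directives:
        return False
    # s-maxage takes precedence over max-age for shared caches.
    age = directives.get("s-maxage", directives.get("max-age", "0"))
    return age.isdigit() and int(age) > 0

def triage(exchanges):
    """Return (id, vectors) where an override vector met a cacheable response."""
    hits = []
    for e in exchanges:
        vectors = override_vectors(e["method"], e["req"], e.get("body", ""))
        if vectors and shared_cacheable(e["resp"]):
            hits.append((e["id"], vectors))
    return hits

# Constructed sample exchanges (not real traffic).
SAMPLE = [
    {"id": 1, "method": "GET", "req": {"X-Original-Url": "/constructed"},
     "resp": {"Cache-Control": "public, max-age=300"}},
    {"id": 2, "method": "GET", "req": {"X-HTTP-Method-Override": "POST"},
     "resp": {"Cache-Control": "private, max-age=300"}},
    {"id": 3, "method": "POST", "req": {}, "body": "_method=PUT&title=x",
     "resp": {"Cache-Control": "max-age=60"}},
    {"id": 4, "method": "GET", "req": {"Accept": "text/html"},
     "resp": {"Cache-Control": "max-age=60"}},
]
```

Calling triage(SAMPLE) flags exchanges 1 and 3; exchange 2 carries an override header but its response is marked private, and exchange 4 carries no override vector.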
