/alerttags/cwe-524/ Recent content in CWE-524 on ZAP Hugo en-us /docs/alerts/10049-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10049-1/ <p>The response contents are not storable by caching components such as proxy servers. If the response does not contain sensitive, personal or user-specific information, it may benefit from being stored and cached, to improve performance.</p> /docs/alerts/10049-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10049-3/ <p>The response contents are storable by caching components such as proxy servers, and may be retrieved directly from the cache, rather than from the origin server by the caching servers, in response to similar requests from other users. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where &ldquo;shared&rdquo; caching servers such as &ldquo;proxy&rdquo; caches are configured on the local network. This configuration is typically found in corporate or educational environments, for instance.</p> /docs/alerts/10049-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10049-2/ <p>The response contents are storable by caching components such as proxy servers, but will not be retrieved directly from the cache, without validating the request upstream, in response to similar requests from other users.</p>