C Sharp Cache Control Public True
Description
Detects when cache control headers are set to public, which could expose sensitive information by allowing responses to be stored in shared caches. This vulnerability could lead to unauthorized access to cached data that should remain private between the server and specific users.
Detection Strategy
• Check for new object creation that sets cache control to public
• Monitor assignments to cache control properties that enable public caching
• Identify cache configuration in HTTP response headers that explicitly set public access
• Flag instances where cache-control headers are configured to allow public caching of potentially sensitive responses
Vulnerable code example
using System.Net.Http.Headers;
using System;
public class CacheExample
{
    public CacheControlHeaderValue CreateCache()
    {
        var cacheControl = new CacheControlHeaderValue();...
✅ Secure code example
using System.Net.Http.Headers;
using System;
public class CacheExample
{
    public CacheControlHeaderValue CreateCache()
    {
        var cacheControl = new CacheControlHeaderValue();...
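Both snippets above are cut off before the property that matters, so here is a complete pair as an added example (not Fluid Attacks' own code). It shows the flagged `Public = true` setting beside a hardened policy, plus a guard that rejects a public policy on a sensitive response. The class and method names are hypothetical, and the choice of `no-store`/`private` as the hardened policy is an assumption about what the response needs.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;

// Added illustration; CacheControlDemo and its method names are hypothetical.
public static class CacheControlDemo
{
    // Flagged pattern: Public = true lets shared caches (proxies, CDNs)
    // store the response and serve it to other users.
    public static CacheControlHeaderValue CreatePublicCache()
    {
        return new CacheControlHeaderValue
        {
            Public = true,
            MaxAge = TimeSpan.FromHours(1)
        };
    }

    // Hardened form (assumed policy) for per-user or sensitive responses:
    // no cache may store the body, and shared caches are excluded.
    public static CacheControlHeaderValue CreateSensitiveCache()
    {
        return new CacheControlHeaderValue
        {
            NoStore = true,
            NoCache = true,
            Private = true
        };
    }

    // Guard: refuse to attach a policy that allows shared caching.
    public static void ApplyToSensitiveResponse(
        HttpResponseMessage response, CacheControlHeaderValue policy)
    {
        if (policy.Public)
            throw new InvalidOperationException(
                "Cache-Control: public is not allowed on sensitive responses.");
        response.Headers.CacheControl = policy;
    }

    public static void Main()
    {
        // Print the header value each policy serializes to.
        Console.WriteLine(CreatePublicCache());
        Console.WriteLine(CreateSensitiveCache());

        using var response = new HttpResponseMessage();
        ApplyToSensitiveResponse(response, CreateSensitiveCache());
        Console.WriteLine(response.Headers.CacheControl);
    }
}
```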