Application Security Terminology

Glossary

Cache Poisoning

Cache poisoning, also known as DNS poisoning and DNS cache spoofing, involves corrupting an Internet server's Domain Name System table by replacing a valid Internet address with that of another, rogue address. When a web user looks for the affected page, the request is redirected to a different address where a worm, spyware, web browser hijacking program, DNS spoofing tool, or other malware can be downloaded to the user's computer from the rogue location.

A cache poisoning attack is possible because of HTTP Response Splitting and flaws in the web application. Cache poisoning can be transmitted within spam email messages, images, and banner ads, increasing the rate at which rogue programs are spread. If a response is cached in a shared web cache commonly found in proxy servers, all users of that cache will continue to receive the malicious content until the cache entry is purged. The same is true if the response is cached in an individual user’s browser.