Researchers at the Technical University of Cologne (TH Koln) in Germany discovered a new type of Web attack that can compromise content delivery networks (CDNs) into caching and then serving error pages instead of legitimate websites.
The new attack, called CPDoS (Cache-Poisoned Denial-of-Service), has three variants, and has been described as practical in the real world.
CPDoS attacks are aimed to two aspects of the modern Internet: Web servers and content delivery networks.
First, an attacker connects to a website, which generates a new CDN entry. The attacker's request contains a malformed or oversized HTTP header, which the CDN allows to pass through to the legitimate site so it can be processed and generate a Web page for the CDN to cache. The oversized header causes a "400 Bad Request" error on the server, which is then cached on the CDN.
Other users accessing the site get the error page rather than the actual websites, and the cached errors spread to other nodes of the CDN's network.
View Full Article