{"id":21507,"date":"2025-10-14T13:02:10","date_gmt":"2025-10-14T13:02:10","guid":{"rendered":"http:\/\/localhost\/?p=21507"},"modified":"2025-10-14T13:02:10","modified_gmt":"2025-10-14T13:02:10","slug":"packet-storm-missing-cache-header","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=21507","title":{"rendered":"\ud83d\udcc4 Packet Storm Missing Cache Header_PACKETSTORM:210463"},"content":{"rendered":"

{“lastseen”:”2025-10-14T17:19:37″,”description”:”Packet Storm was missing a cache control header on the user settings page, allowing for parties to click back in…”,”published”:”2025-10-13T00:00:00″,”modified”:”2025-10-13T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Packet Storm Missing Cache Header”,”source”:””,”references”:””,”id”:”PACKETSTORM:210463″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”*Improper cache control-*\\n \\n The improper cache control vulnerability refers to a security flaw that\\n arises when a web application does not properly manage or control caching\\n mechanisms. Caching is an essential technique used to improve performance\\n by storing frequently accessed data in temporary storage, such as the\\n client’s browser or intermediate proxy servers. However, when caching is\\n not adequately controlled, sensitive or private information may be\\n inadvertently stored and exposed to unauthorized users.\\n \\n *Steps to reproduce-*\\n \\n 1) Go To site settings\\n 2) Do logout\\n 3) click back you can see sensitive info\\n \\n *Impact-*\\n \\n Exploiting the improper cache control vulnerability can have serious\\n consequences, including the following: a. Information Disclosure: Sensitive\\n user data, such as personal information, authentication tokens, or\\n confidential documents, may be cached on intermediate systems or the\\n client’s browser. This can lead to unauthorized access, data leakage, or\\n identity theft.\\n \\n Cache Poisoning: Attackers can manipulate the cached data to serve\\n malicious content to unsuspecting users, leading to various attacks, such\\n as cross-site scripting (XSS), drive-by downloads, or injection attacks.\\n \\n \\n —\\n Packet Storm note:\\n \\n 2025\/10\/13: \\n \\n We were indeed missing a cache header for the page in question. There wasn’t a mechanism to commit cache poisoning or xss, but as shared computing is a thing, we addressed it so local caches did not persist post logout. We would like to extend our thanks to Shivang Singhal for reporting the issue.”,”sourceHref”:”https:\/\/packetstorm.news\/download\/210463″,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/210463\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2025-10-14T17:19:37″,”description”:”Packet Storm was missing a cache control header on the user settings page, allowing for parties to click back in…”,”published”:”2025-10-13T00:00:00″,”modified”:”2025-10-13T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Packet Storm Missing Cache Header”,”source”:””,”references”:””,”id”:”PACKETSTORM:210463″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”*Improper…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,12,13,33,53,7,11,5],"class_list":["post-21507","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 Packet Storm Missing Cache Header_PACKETSTORM:210463 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=21507\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 Packet Storm Missing Cache Header_PACKETSTORM:210463 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2025-10-14T17:19:37″,”description”:”Packet Storm was missing a cache control header on the user settings page, allowing for parties to click back in…”,”published”:”2025-10-13T00:00:00″,”modified”:”2025-10-13T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Packet Storm Missing Cache Header”,”source”:””,”references”:””,”id”:”PACKETSTORM:210463″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”*Improper...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=21507\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-10-14T13:02:10+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=21507#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=21507\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 Packet Storm Missing Cache Header_PACKETSTORM:210463\",\"datePublished\":\"2025-10-14T13:02:10+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=21507\"},\"wordCount\":387,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"exploit\",\"news\",\"NONE\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=21507#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=21507\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=21507\",\"name\":\"\ud83d\udcc4 Packet Storm Missing Cache Header_PACKETSTORM:210463 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-10-14T13:02:10+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=21507#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=21507\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=21507#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 Packet Storm Missing Cache Header_PACKETSTORM:210463\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 Packet Storm Missing Cache Header_PACKETSTORM:210463 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=21507","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 Packet Storm Missing Cache Header_PACKETSTORM:210463 - zero redgem","og_description":"{“lastseen”:”2025-10-14T17:19:37″,”description”:”Packet Storm was missing a cache control header on the user settings page, allowing for parties to click back in…”,”published”:”2025-10-13T00:00:00″,”modified”:”2025-10-13T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Packet Storm Missing Cache Header”,”source”:””,”references”:””,”id”:”PACKETSTORM:210463″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”*Improper...","og_url":"https:\/\/zero.redgem.net\/?p=21507","og_site_name":"zero redgem","article_published_time":"2025-10-14T13:02:10+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=21507#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=21507"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 Packet Storm Missing Cache Header_PACKETSTORM:210463","datePublished":"2025-10-14T13:02:10+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=21507"},"wordCount":387,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","exploit","news","NONE","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=21507#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=21507","url":"https:\/\/zero.redgem.net\/?p=21507","name":"\ud83d\udcc4 Packet Storm Missing Cache Header_PACKETSTORM:210463 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-10-14T13:02:10+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=21507#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=21507"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=21507#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 Packet Storm Missing Cache Header_PACKETSTORM:210463"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/21507","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=21507"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/21507\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=21507"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=21507"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=21507"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}