Cache poisoning

Cache poisoning refers to a computer security vulnerability where invalid entries can be placed into a cache, which are then assumed to be valid when later used.^[1] Two common varieties are DNS cache poisoning^[2] and ARP cache poisoning. Web cache poisoning involves the poisoning of web caches^[3] (which has led to security issues in programming languages, including all Python versions at the time in 2021, and expedited security updates^[4]). Attacks on other, more specific, caches also exist.^[5]^[6]^[7]

References

↑ "CAPEC-141: Cache Poisoning". CAPEC. https://capec.mitre.org/data/definitions/141.html.
↑ Wu, Hao; Dang, Xianglei; Wang, Lidong; He, Longtao (2016). "Information fusion‐based method for distributed domain name system cache poisoning attack detection and identification" (in en). IET Information Security 10 (1): 37–44. doi:10.1049/iet-ifs.2014.0386. ISSN 1751-8717. https://onlinelibrary.wiley.com/doi/10.1049/iet-ifs.2014.0386.
↑ Nguyen, Hoai Viet; Iacono, Luigi Lo; Federrath, Hannes (6 November 2019). "Your Cache Has Fallen: Cache-Poisoned Denial-of-Service Attack". Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. pp. 1915–1936. doi:10.1145/3319535.3354215. ISBN 9781450367479.
↑ "CVE - CVE-2021-23336". https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336.
↑ Hensler, Christopher; Tague, Patrick (15 May 2019). "Using bluetooth low energy spoofing to dispute device details". Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks. pp. 340–342. doi:10.1145/3317549.3326321. ISBN 9781450367264.
↑ Daswani, Neil; Garcia-Molina, Hector (2004). "Pong-cache poisoning in GUESS". Proceedings of the 11th ACM conference on Computer and communications security. pp. 98–109. doi:10.1145/1030083.1030099. ISBN 1581139616.
↑ Wang, Dong; Dong, Wei Yu (April 2019). "Attacking Intel UEFI by Using Cache Poisoning". Journal of Physics: Conference Series 1187 (4): 042072. doi:10.1088/1742-6596/1187/4/042072. Bibcode: 2019JPhCS1187d2072W.

0.00

(0 votes)

Original source: https://en.wikipedia.org/wiki/Cache poisoning. Read more

[1] "CAPEC-141: Cache Poisoning". CAPEC. https://capec.mitre.org/data/definitions/141.html.

[2] Wu, Hao; Dang, Xianglei; Wang, Lidong; He, Longtao (2016). "Information fusion‐based method for distributed domain name system cache poisoning attack detection and identification" (in en). IET Information Security 10 (1): 37–44. doi:10.1049/iet-ifs.2014.0386. ISSN 1751-8717. https://onlinelibrary.wiley.com/doi/10.1049/iet-ifs.2014.0386.

[3] Nguyen, Hoai Viet; Iacono, Luigi Lo; Federrath, Hannes (6 November 2019). "Your Cache Has Fallen: Cache-Poisoned Denial-of-Service Attack". Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. pp. 1915–1936. doi:10.1145/3319535.3354215. ISBN 9781450367479.

[4] "CVE - CVE-2021-23336". https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336.

[5] Hensler, Christopher; Tague, Patrick (15 May 2019). "Using bluetooth low energy spoofing to dispute device details". Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks. pp. 340–342. doi:10.1145/3317549.3326321. ISBN 9781450367264.

[6] Daswani, Neil; Garcia-Molina, Hector (2004). "Pong-cache poisoning in GUESS". Proceedings of the 11th ACM conference on Computer and communications security. pp. 98–109. doi:10.1145/1030083.1030099. ISBN 1581139616.

[7] Wang, Dong; Dong, Wei Yu (April 2019). "Attacking Intel UEFI by Using Cache Poisoning". Journal of Physics: Conference Series 1187 (4): 042072. doi:10.1088/1742-6596/1187/4/042072. Bibcode: 2019JPhCS1187d2072W.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

Anonymous

Search

Cache poisoning

Namespaces

More

Page actions

References

Navigation

Navigation

Help

Translate

Wiki tools

Wiki tools

Anonymous

Search

Cache poisoning

References

Navigation

Wiki tools

Page tools

Other projects

Categories