Unauthenticated Cache Purge

info Web App Scanning Plugin ID 114946

Synopsis

Unauthenticated Cache Purge

Description

This informational plugin reports that the scanner has detected unauthenticated cache purge functionality on the web server. An attacker could potentially clear the cache without authentication, leading to service disruption or other issues.

Solution

Ensure that the cache purge functionality is secured and not accessible to unauthorized users. Implement proper authentication and authorization mechanisms to restrict access to cache purging operations.
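One way to apply this restriction on Varnish, one of the caches referenced under See Also, is shown below. This is an added example, not part of the plugin text. It assumes Varnish 4.x VCL; the backend address, the ACL name `purgers` and its entries are placeholders.

```vcl
vcl 4.0;

# Constructed example: backend address and ACL entries are placeholders.
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

# Hosts that are allowed to invalidate cached objects.
acl purgers {
    "localhost";
    "192.0.2.10";   # placeholder: the application or CMS host that issues purges
}

sub vcl_recv {
    if (req.method == "PURGE") {
        # Weak form (the condition this plugin reports): calling
        # return (purge) here with no check lets any client that can
        # reach the cache evict objects.
        #
        # Hardened form: refuse the request unless the source address
        # is in the ACL above.
        #
        # Caveat: when Varnish sits behind a load balancer or CDN,
        # client.ip is that proxy's address, so an ACL that lists the
        # proxy admits every request relayed through it. In that layout,
        # block PURGE at the edge or accept it only on an internal listener.
        if (!client.ip ~ purgers) {
            return (synth(405, "Not allowed"));
        }
        return (purge);
    }
}
```

After deploying, a PURGE request from a host outside the ACL should receive the 405 response and leave the cached object in place.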

See Also

https://book.varnish-software.com/4.0/chapters/Cache_Invalidation.html

https://docs.nginx.com/nginx/admin-guide/content-cache/content-caching/

https://wiki.squid-cache.org/SquidFaq/OperatingSquid

Plugin Details

Severity: Info

ID: 114946

Type: remote

Family: Web Servers

Published: 9/3/2025

Updated: 9/3/2025

Scan Template: api, basic, full, pci, scan