Platform Usage / Cacheable HTTPS Response

Description

Cacheable HTTPS response, CWE-315, occurs when a web server or API responds to an HTTPS request with a response that is marked as cacheable. This can lead to the response being stored in an unencrypted form, exposing sensitive data to anyone with access to the cache. According to the OWASP Testing Guide, this vulnerability is most often found when HTTP caching is enabled on an HTTPS page, as the response may be stored in the cache without encryption.

Risk

This vulnerability poses a serious risk to any web or API server that is using HTTPS, as the response may be stored in an unencrypted form and exposed to anyone with access to the cache. This can lead to the exposure of sensitive data, such as passwords, session tokens, or other confidential information.

Solution

The solution to this vulnerability is to ensure that the web or API server is configured to not allow any response to be cached when an HTTPS request is made. This can be done by setting the Cache-Control header to "no-cache". Additionally, the response should also be configured to not be stored in any persistent cache, such as a browser cache.