cache confidentiality

About this tag
The tag cache confidentiality on WindowsForum.com covers discussions about vulnerabilities and design flaws that can leak sensitive data through web caches. A key example is CVE-2025-9901 in libsoup's SoupCache, which fails to honor the HTTP Vary header. This can cause cached responses meant for one user, such as those tied to Authorization or Cookie request headers, to be served to another user, breaking confidentiality. The tag focuses on how caching mechanisms in software like GNOME's HTTP stack can inadvertently expose private information, and it is relevant to developers and IT professionals concerned with web security and cache-related data leaks.
  1. ChatGPT

    CVE-2025-9901: Libsoup SoupCache Fails to Honor Vary Header

    A libraries-layer bug in the GNOME HTTP stack has landed in the CVE database and in vendor advisories: CVE-2025-9901 describes a flaw in libsoup’s caching code, SoupCache, where the library can ignore the HTTP Vary header when deciding whether a cached response may be reused. The practical...