Shopware HTTP Header Caching Vulnerability

Vulnerability

A vulnerability exists in Shopware versions through 6.1.0 that improperly handles sensitive HTTP headers, allowing them to be cached and potentially exposed to clients. This issue can lead to private headers being marked as public in HTTP caches, creating a risk of sensitive information disclosure. The vulnerability has been addressed in version 6.4.8.2.

Impact

Exploitation of this vulnerability causes private HTTP headers to be cached as public, which can lead to the unintentional disclosure of sensitive information.

Reproduction

The vulnerability can be reproduced by sending a request to a Shopware server running a version through 6.1.0 with the HTTP cache enabled. The response can then be checked for the presence of sensitive headers that should not have been cached or exposed.
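The check described above can be automated as a header audit. The following is an added example written for this advisory, not Shopware's own code: it parses a response's Cache-Control directives and reports any client-specific header (the list SENSITIVE_HEADERS is an assumption, not taken from the advisory) that appears in a response a shared cache is allowed to store. The three sample header sets are constructed for illustration.

```python
"""Audit HTTP response headers for client-specific headers that are
marked as shared-cacheable. Added example for the Shopware advisory;
the header names below are assumptions, not Shopware-specific values."""

import re
import urllib.request

# Headers that identify or authenticate a single client (assumed list).
SENSITIVE_HEADERS = ("set-cookie", "authorization", "www-authenticate")

# One Cache-Control directive: name, optionally =quoted or =bare argument.
_DIRECTIVE = re.compile(r'([A-Za-z-]+)(?:\s*=\s*(?:"([^"]*)"|([^,\s]*)))?')


def parse_cache_control(value):
    """Return {directive_name: argument-or-True} for a Cache-Control value."""
    directives = {}
    for name, quoted, bare in _DIRECTIVE.findall(value):
        arg = quoted if quoted else bare
        directives[name.lower()] = arg if arg else True
    return directives


def cacheability_issues(headers):
    """Return findings for one response given as a list of (name, value).

    A finding is raised when the response is storable by a shared cache
    (Cache-Control public or s-maxage, without no-store or a bare private)
    and also carries a sensitive header that is not excluded via the
    field-name forms private="Header" or no-cache="Header".
    """
    lowered = [(name.lower(), value) for name, value in headers]
    cc = {}
    for name, value in lowered:
        if name == "cache-control":
            cc.update(parse_cache_control(value))
    # Whole-response private or no-store: a shared cache must not keep it.
    if cc.get("private") is True or "no-store" in cc:
        return []
    if "public" not in cc and "s-maxage" not in cc:
        return []
    # Field-name arguments exclude the named headers from the cached copy.
    excluded = set()
    for directive in ("private", "no-cache"):
        arg = cc.get(directive)
        if isinstance(arg, str):
            excluded.update(h.strip().lower() for h in arg.split(","))
    return [
        f"{name} present in shared-cacheable response"
        for name, _ in lowered
        if name in SENSITIVE_HEADERS and name not in excluded
    ]


def check_url(url):
    """Fetch url and audit its response headers (network access required)."""
    with urllib.request.urlopen(url) as resp:  # nosec: audit of own host
        return cacheability_issues(resp.getheaders())


# Constructed sample responses, not captured from a real server.
VULNERABLE_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Cache-Control", "public, s-maxage=600"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
]
FIXED_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Cache-Control", "private, no-cache"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
]
FIELD_EXCLUDED_RESPONSE = [
    ("Cache-Control", 'public, private="Set-Cookie", s-maxage=600'),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
]

if __name__ == "__main__":
    for label, sample in (("vulnerable", VULNERABLE_RESPONSE),
                          ("fixed", FIXED_RESPONSE),
                          ("field-excluded", FIELD_EXCLUDED_RESPONSE)):
        print(label, cacheability_issues(sample) or "no findings")
```

Run check_url against a store you administer to audit live responses; the sample sets show the cached-as-public case the advisory describes beside two correctly scoped Cache-Control forms.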

Remediation

Users are advised to update to Shopware version 6.4.8.2. This update can be obtained through the Auto-Updater or directly from the Shopware download overview. For those using versions 6.1, 6.2, and 6.3, a corresponding security plugin is available, although updating to the latest version is recommended.

Added: May 15, 2026, 8:47 AM
Updated: May 15, 2026, 8:47 AM

Vulnerability Rating

Custom Algorithm

spread: 6.4
impact: 2.5
exploitability: 8.2
remediation: 7.7
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.