Microsoft IE for Mac May Disclose Sensitive Information in Secure URLs to Remote Sites via HTTP Referer Field
|
|
SecurityTracker Alert ID: 1008554
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Dec 27 2003
|
Impact: Disclosure of system information, Disclosure of user information
|
Exploit Included: Yes
|
Version(s): 5.22 (Mac OS version)
|
Description: A vulnerability was reported in Microsoft Internet Explorer version 5.22 for the Mac. The browser discloses HTTP Referer values from secure pages.
A report on Gadgetopia stated that the browser discloses secure page URLs when visiting a non-secure referenced site. This reportedly
conflicts with the HTTP 1.1 specification.
According to the report, Microsoft Outlook Web Access (OWA) users may particularly
be affected, as the referring link may contain sensitive information such as the target user's name.
The original report is available
at:
http://www.gadgetopia.com/2003/12/23/OutlookWebAccessPrivacyHole.html
|
Impact: A remote user (web site) may be able to obtain sensitive secure web site URLs from the target user's browser.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: www.microsoft.com/technet/security/ (Links to External Site)
|
Cause: Access control error, State error
|
Underlying OS: UNIX (OS X)
|
Reported By: <deane@deanebarker.net>
|
Message History:
None.
|
Source Message Contents
|
Date: 24 Dec 2003 16:16:09 -0000
From: <deane@deanebarker.net>
Subject: IE 5.22 on Mac Transmitting HTTP Referer from Secure Page
|
Documented instance of Internet Explorer 5.22 on a Mac transmitting an HTTP Referer header from a lin
k on a secure page (https):
http://www.gadgetopia.com/2003/12/23/OutlookWebAccessPrivacyHole.html
This is clearly covered in the HTTP 1.1 spec (RFC 2616), Section 15.1.3, "Encoding Sensitive Inf
ormation in URI's":
"Clients SHOULD NOT include a Referer header field in a (non-secure) HTTP request if the referri
ng page was transferred with a secure
protocol."
|
|
