Microsoft IE for Mac May Disclose Sensitive Information in Secure URLs to Remote Sites via HTTP Referer Field
|
|
SecurityTracker Alert ID: 1008554 |
|
SecurityTracker URL: http://securitytracker.com/id/1008554
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Dec 27 2003
|
Impact:
Disclosure of system information, Disclosure of user information
|
Exploit Included: Yes
|
Version(s): 5.22 (Mac OS version)
|
Description:
A vulnerability was reported in Microsoft Internet Explorer version 5.22 for the Mac. The browser discloses HTTP Referer values from secure pages.
A report on Gadgetopia stated that the browser discloses secure page URLs when visiting a non-secure referenced site. This reportedly conflicts with the HTTP 1.1 specification.
According to the report, Microsoft Outlook Web Access (OWA) users may particularly be affected, as the referring link may contain sensitive information such as the target user's name.
The original report is available at:
http://www.gadgetopia.com/2003/12/23/OutlookWebAccessPrivacyHole.html
|
Impact:
A remote user (web site) may be able to obtain sensitive secure web site URLs from the target user's browser.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: www.microsoft.com/technet/security/ (Links to External Site)
|
Cause:
Access control error, State error
|
Underlying OS:
UNIX (OS X)
|
|
Message History:
None.
|
Source Message Contents
|
Date: 24 Dec 2003 16:16:09 -0000
Subject: IE 5.22 on Mac Transmitting HTTP Referer from Secure Page
|
Documented instance of Internet Explorer 5.22 on a Mac transmitting an HTTP Referer header from a link on a secure page (https):
http://www.gadgetopia.com/2003/12/23/OutlookWebAccessPrivacyHole.html
This is clearly covered in the HTTP 1.1 spec (RFC 2616), Section 15.1.3, "Encoding Sensitive Information in URI's":
"Clients SHOULD NOT include a Referer header field in a (non-secure) HTTP request if the referring page was transferred with a secure
protocol."
|
|
