Internet Explorer for Mac Disclosure of Referer Information Weakness

Secunia Advisory: SA10500
Release Date: 2003-12-28
Popularity: 11,977 views
Critical: Not critical
Impact: Exposure of system information, Exposure of sensitive information
Where: From remote
Solution Status: Unpatched
Software: Internet Explorer 5.x for Mac

Description: Deane has reported a security issue in Internet Explorer for Mac, which potentially can disclose sensitive information.
URL information is included in the "Referer:" header field when another site is visited by following a link from a secure site using HTTPS. This behaviour contradicts the behaviour specified in RFC 2616, Section 15.1.3, and may disclose sensitive information contained in a URL from a secure site.
The issue has been reported in version 5.22. Other versions may also be affected.
Solution: Don't follow links to other sites from a secure site if the URL contains sensitive information.
Provided and/or discovered by: Deane
Other References: Hypertext Transfer Protocol -- HTTP/1.1 (RFC 2616):
http://ftp.rfc-editor.org/in-notes/rfc2616.txt
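
As an added example (not part of the Secunia advisory): a server operator can spot clients showing this behaviour by scanning the access log of a plain-HTTP site for requests whose Referer names an https:// page, redacting the query values before reporting. The combined log format, the sample log lines and the host names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Apache/nginx "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def redact(url):
    """Keep scheme, host, path and parameter names; drop credentials and query values."""
    parts = urlsplit(url)
    host = parts.netloc.rpartition("@")[2]  # strip any user:password@ prefix
    names = [k for k, _ in parse_qsl(parts.query, keep_blank_values=True)]
    query = "&".join(f"{k}=[redacted]" for k in names)
    return f"{parts.scheme}://{host}{parts.path}" + (f"?{query}" if query else "")

def find_https_referers(lines):
    """Yield (client, user_agent, redacted_referer) for each logged plain-HTTP
    request whose Referer is an https:// page, which RFC 2616 Section 15.1.3
    says a client should not send."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in combined format
        try:
            scheme = urlsplit(m.group("referer")).scheme.lower()
        except ValueError:
            continue  # malformed Referer value
        if scheme == "https":
            yield m.group("host"), m.group("agent"), redact(m.group("referer"))

# Constructed sample lines from a hypothetical plain-HTTP virtual host.
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Dec/2003:10:15:02 +0000] "GET /index.html HTTP/1.1" 200 5120 '
    '"https://bank.example/account?sid=8f3a91&user=alice" '
    '"Mozilla/4.0 (compatible; MSIE 5.22; Mac_PowerPC)"',
    '192.0.2.11 - - [28/Dec/2003:10:15:09 +0000] "GET /index.html HTTP/1.1" 200 5120 '
    '"http://news.example/story?id=7" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    '192.0.2.12 - - [28/Dec/2003:10:16:40 +0000] "GET /logo.gif HTTP/1.1" 200 900 '
    '"-" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/85"',
]

if __name__ == "__main__":
    for client, agent, referer in find_https_referers(SAMPLE_LOG):
        print(f"{client}  {agent}  {referer}")
```

Run it against the log of a host that is served only over plain HTTP; on a host that also serves HTTPS, the log format would need a field recording the request scheme to separate the two.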
About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.