IE 5.0 - Possible Cache Security Risk
From: Jason Parker (jparker@o-negative.net)Date: 10/24/01
- Previous message: riezel.t.serdan@accenture.com: "Re: Opera Browser goes Crash"
- Next in thread: Oliver Bleutgen: "Re: IE 5.0 - Possible Cache Security Risk"
- Reply: Oliver Bleutgen: "Re: IE 5.0 - Possible Cache Security Risk"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <002801c15c4c$10f7f500$19041c41@gibson> From: "Jason Parker" <jparker@o-negative.net> To: <vuln-dev@securityfocus.com> Subject: IE 5.0 - Possible Cache Security Risk Date: Wed, 24 Oct 2001 00:23:51 -0500
Disregard if this has discussed previously or is just a
misconfiguration..
Recently, when setting up an htaccess section on my website I noticed
that there is a caching problem with IE 5.0x.
Problem:
When previously restricted site are accessed with an authenticated
login, users who open IE 5.0 and access the same sites, can "cancel"
the login prompt and the cached page will open up. Yes, you have to
keep doing this to view all the links, but we can obviously see the
problem.
Possible Fixes:
I set IE to check for new versions of the page every time, but
that still didn't help.
Versions:
IE 5.0 (For sure)
IE 5.5, and 6.0 are not vulnerable.
_________________________________
Jason Parker - http://www.o-negative.net
o-Negative: Information Network
- Previous message: riezel.t.serdan@accenture.com: "Re: Opera Browser goes Crash"
- Next in thread: Oliver Bleutgen: "Re: IE 5.0 - Possible Cache Security Risk"
- Reply: Oliver Bleutgen: "Re: IE 5.0 - Possible Cache Security Risk"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
