Vulnerability Development mailing list archives

IE 5.0 - Possible Cache Security Risk

From: "Jason Parker" <jparker () o-negative net>
Date: Wed, 24 Oct 2001 00:23:51 -0500

Disregard if this has discussed previously or is just a
misconfiguration..

Recently, when setting up an htaccess section on my website I noticed
that there is a caching problem with IE 5.0x.

Problem:
   When previously restricted site are accessed with an authenticated
login, users who open IE 5.0 and access the same sites, can "cancel"
the login prompt and the cached page will open up. Yes, you have to
keep doing this to view all the links, but we can obviously see the
problem.

Possible Fixes:
   I set IE to check for new versions of the page every time, but
that still didn't help.

Versions:
   IE 5.0 (For sure)
   IE 5.5, and 6.0 are not vulnerable.
_________________________________
Jason Parker - http://www.o-negative.net
o-Negative: Information Network

Current thread:

IE 5.0 - Possible Cache Security Risk Jason Parker (Oct 23)
- <Possible follow-ups>
- Re: IE 5.0 - Possible Cache Security Risk Oliver Bleutgen (Oct 24)