Monday, May 12, 2008 9:13 AM
cmosby
Internet Explorer "DisableCachingOfSSLPages" Weakness - Advisories - Secunia
Internet Explorer "DisableCachingOfSSLPages" Weakness
Secunia Advisory:
SA30145
Release Date:
2008-05-12
Critical:
Not critical
Impact:
Security Bypass
Exposure of sensitive information
Where:
Local system
Solution Status:
Unpatched
Software:
Microsoft Internet Explorer 7.x
Description:
A weakness has been reported in Internet Explorer, which may result in potentially sensitive information being inadvertently saved on a system.
Internet Explorer supports the "DisableCachingOfSSLPages" option, which is supposed to prevent encrypted web pages from being saved to disk. However, an error may result in encrypted web pages being cached regardless of the setting being enabled or not.
Solution:
Do not rely on the "DisableCachingOfSSLPages" option.
Provided and/or discovered by:
Bill Knox, MITRE.
Original Advisory:
US-CERT VU#468843:
http://www.kb.cert.org/vuls/id/468843