Bugtraq: IE 5.22 on Mac Transmitting HTTP Referer from Secure Page

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

IE 5.22 on Mac Transmitting HTTP Referer from Secure Page

From: <deane () deanebarker net>
Date: 24 Dec 2003 16:16:09 -0000



Documented instance of Internet Explorer 5.22 on a Mac transmitting an HTTP Referer header from a link on a secure page 
(https):

http://www.gadgetopia.com/2003/12/23/OutlookWebAccessPrivacyHole.html

This is clearly covered in the HTTP 1.1 spec (RFC 2616), Section 15.1.3, "Encoding Sensitive Information in URI's":

"Clients SHOULD NOT include a Referer header field in a (non-secure) HTTP request if the referring page was transferred 
with a secure protocol."

By Date By Thread

Current thread:

IE 5.22 on Mac Transmitting HTTP Referer from Secure Page deane (Dec 26)
- <Possible follow-ups>
- RE: IE 5.22 on Mac Transmitting HTTP Referer from Secure Page tlarholm (Dec 30)