Information Disclosure Vulnerability in Microsoft Outlook Web Access
CVE-2008-2143

Currently unrated

Key Information:

Vendor: Microsoft
Status: Outlook Web Access
Vendor: CVE Published:; 12 May 2008

Summary

An information disclosure vulnerability exists in Microsoft Outlook Web Access due to the use of the Cache-Control: no-cache HTTP directive instead of the no-store directive. This issue can lead to web browsers caching sensitive user information, which may be accessible by unauthorized parties. Attackers exploiting this vulnerability could potentially view stored sensitive data that should be protected from caching, thus posing a privacy risk to users.

References

http://www.securityfocus.com/bid/29121

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/42301

vdb-entryx_refsource_XF

http://www.kb.cert.org/vuls/id/829876

third-party-advisoryx_refsource_CERT-VN

Timeline

Vulnerability published
May 12, 2008
Vulnerability Reserved
May 12, 2008