{"vuid":"VU#468843","idnumber":"468843","name":"Microsoft Internet Explorer 7 DisableCachingOfSSLPages may not prevent caching","keywords":["Microsoft","Internet Explorer 7","DisableCachingOfSSLPages","SSL-encrypted web pages"],"overview":"Setting the Internet Explorer 7 option DisableCachingOfSSLPages may not prevent the caching of SSL-enabled web pages.","clean_desc":"Administrators and users can set the Internet Explorer DisableCachingOfSSLPages option to prevent sensitive or private data from being saved to disk. The registry key for this setting is: HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\InternetSettings\\DisableCachingOfSSLPages\nAfter enabling this setting, Internet Explorer 7 may still cache SSL-enabled web pages to disk.","impact":"Private or sensitive data may be written to disk inadvertently.","resolution":"We are currently unaware of a practical solution to this problem.","workarounds":"Secure deletion Securely deleting or encrypting the Internet Explorer 7 browser cache (%userprofile%\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low)  that contains the sensitive information will mitigate this vulnerability.","sysaffected":"","thanks":"Thanks to Bill KNox from MITRE for reporting this vulnerability.","author":"This document was written by Ryan Giobbi.","public":["http://technet2.microsoft.com/windowsserver/en/library/c07587ec-4a60-4bca-8508-29a4296b72121033.mspx?mfr=true","http://technet.microsoft.com/en-us/sysinternals/bb897443.aspx","http://technet2.microsoft.com/WindowsVista/en/library/58358421-a7f5-4c97-ab41-2bcc61a58a701033.mspx?mfr=true","http://blogs.msdn.com/ie/archive/2006/02/09/528963.aspx","http://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2008-02-28T18:45:25Z","publicdate":"2008-05-09T00:00:00Z","datefirstpublished":"2008-05-09T11:59:03Z","dateupdated":"2008-05-09T18:17:37Z","revision":18,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"4","cam_population":"20","cam_impact":"4","cam_easeofexploitation":"20","cam_attackeraccessrequired":"20","cam_scorecurrent":"2.4","cam_scorecurrentwidelyknown":"14.4","cam_scorecurrentwidelyknownexploited":"26.4","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":2.4,"vulnote":null}