关键信息 Vulnerability Note: VU#829876 Title: Microsoft Outlook Web Access not may use correct HTTP directive Original Release Date: 2008-05-09 Last Revised: 2009-12-28 Overview Some versions of Outlook Web Access (OWA) may use the instead of the HTTP 1.1 directive. This results in web browsers caching sensitive information. Impact Sensitive information viewed during an Outlook Web Access session may be stored. Solution No solution is available yet. Clearing browser caches frequently may mitigate this vulnerability. Instructions for clearing caches in different browsers are provided. Vendor Information Affected Vendor: Microsoft Corporation References RFC 2616 Mozilla Support Apple Documentation Acknowledgements Thanks to Bill Knox from MITRE for reporting this vulnerability. Other Information CVE IDs: None Severity Metric: 0.11 Date Public: 2008-05-09 Document Revision: 28