https://www.securityfocus.com/bid/80384
https://cxsecurity.com/issue/WLB-2008070088
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-481

MicrosoftInternetExplorer是一款多平台流行的WEB浏览器。MicrosoftInternetExplorer在AppleMac平台上没有遵从HTTP1.1RFC，在部分环境下可导致信息泄露。MicrosoftInternetExplorer没有尊从HTTP1.1spec(RFC2616)规定的：如果引用页面以安全协议传输客户端不能在HTTP请求(非安全的)中包含Referer头字段。而MSIE没有遵从此规定，可导致部分信息泄露。

Documented instance of Internet Explorer 5.22 on a Mac transmitting an HTTP Referer header from a link on a secure page (https):

http://www.gadgetopia.com/2003/12/23/OutlookWebAccessPrivacyHole.html

This is clearly covered in the HTTP 1.1 spec (RFC 2616), Section 15.1.3, "Encoding Sensitive Information in URI's":

"Clients SHOULD NOT include a Referer header field in a (non-secure) HTTP request if the referring page was transferred with a secure protocol."

Microsoft Internet Explorer 6.0 SP1

Microsoft Internet Explorer 6.0

–

Microsoft Windows 2000 Advanced Server SP2

–

Microsoft Windows 2000 Advanced Se

来源:BID
名称:9295
链接:http://www.securityfocus.com/bid/9295
来源:BUGTRAQ
名称:20031230RE:IE5.22onMacTransmittingHTTPRefererfromSecurePage
链接:http://www.securityfocus.com/archive/1/348574
来源:BUGTRAQ
名称:20031224IE5.22onMacTransmittingHTTPRefererfromSecurePage
链接:http://www.securityfocus.com/archive/1/348360
来源:www.gadgetopia.com
链接:http://www.gadgetopia.com/2003/12/23/OutlookWebAccessPrivacyHole.html
来源:SREASON
名称:3989
链接:http://securityreason.com/securityalert/3989
来源：NSFOCUS
名称：5848
链接：http://www.nsfocus.net/vulndb/5848