Bill Knox

**Name of the Vulnerable Software and Affected Versions** Microsoft Outlook Web Access (OWA) (affected versions not specified) **Description** The issue concerns the use of the Cache-Control: no-cache HTTP directive instead of no-store in Microsoft Outlook Web Access (OWA), which could lead to web browsers caching sensitive information, as they follow RFC-2616. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer version 7 **Description** The issue allows local users to potentially obtain sensitive information because encrypted pages can be saved in the cache, even when the DisableCachingOfSSLPages registry setting is enabled. **Recommendations** For Microsoft Internet Explorer version 7, consider disabling the caching of SSL pages by modifying the registry setting to prevent sensitive information from being stored in the cache.