CVE-2017-8504

Name of the Vulnerable Software and Affected Versions Microsoft Edge versions in Windows 10 1607 and 1703, and Windows Server 2016

Description An information disclosure issue exists due to the Microsoft Edge Fetch API incorrectly handling a filtered response type. This allows an attacker to read the URL of a cross-origin request. Websites that do not securely populate the URL with confidential information could allow information to be disclosed to an attacker.

Recommendations For Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016, consider restricting access to sensitive information in URLs to minimize the risk of exploitation. As a temporary workaround, consider disabling the use of the Fetch API for cross-origin requests until a patch is available. Avoid using the Fetch API to handle confidential information in URLs until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.