Hello,

I've been reading this thread and it reminded me of a similar case (I don't know if it really classifies as a bug, so I haven't reported it).

Once I had to embed a non-secure object coming from another server into my secure page (only available over https), then I did the following: I wrote a simple redirect script like this

    <?php header("Location:".$url); ?>

and on the real page asked for the object through that script like this

    <img src="redirect.php?url=http://non.secure.server">

Both IE and Mozilla displayed this object without any warning.

August

>-----Original Message-----
>From: security@e-matters.de [mailto:security@e-matters.de]
>Sent: Saturday, December 22, 2001 4:37 PM
>To: bugtraq@securityfocus.com
>Subject: IE https certificate attack
>
>
>                           e-matters GmbH
>                          www.e-matters.de
>
>                      -= Security Advisory =-
>
>
>
>     Advisory: Internet Explorer HTTPS certificate attack
> Release Date: 2001/12/22
>       Author: Stefan Esser [s.esser@e-matters.de]
>
>  Application: Microsoft Internet Explorer 5.0/5.5/6.0
>     Severity: Vulnerability in IE's SSL Certificate handling allows
>               undetected SSL Man-In-The-Middle attacks
>         Risk: Very High
>Vendor Status: Notified
>    Reference: http://security.e-matters.de/advisories/012001.html
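
An added example, not part of the original message: a site owner can audit an HTTPS page for the pattern described in the reply above by checking every hop of each subresource's redirect chain, not only the URL written in the markup. The host names, paths, sample page and recorded redirect map below are constructed placeholders, and the function names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample: redirects an auditor recorded (request URL -> Location header).
RECORDED_REDIRECTS = {
    "https://secure.example/redirect.php?url=http://non.secure.example/logo.gif":
        "http://non.secure.example/logo.gif",
    "https://secure.example/go?id=7": "https://cdn.example/banner.png",
}

# Constructed sample page served from https://secure.example/index.html
SAMPLE_PAGE = """
<html><body>
<img src="redirect.php?url=http://non.secure.example/logo.gif">
<img src="/go?id=7">
<img src="/static/ok.png">
</body></html>
"""

class _SubresourceCollector(HTMLParser):
    """Collects the src attribute of elements that load subresources."""
    TAGS = {"img", "script", "iframe", "embed"}

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        if tag in self.TAGS:
            self.urls += [v for k, v in attrs if k == "src" and v]

def redirect_chain(url, redirects, max_hops=10):
    """Follow recorded Location headers; return every URL visited, in order."""
    chain = [url]
    while chain[-1] in redirects and len(chain) <= max_hops:
        # Location may be relative, so resolve it against the current hop.
        chain.append(urljoin(chain[-1], redirects[chain[-1]]))
    return chain

def insecure_subresources(page_url, html, redirects):
    """Return {src: chain} for subresources whose chain has a non-HTTPS hop."""
    collector = _SubresourceCollector()
    collector.feed(html)
    findings = {}
    for src in collector.urls:
        chain = redirect_chain(urljoin(page_url, src), redirects)
        if any(urlsplit(hop).scheme != "https" for hop in chain):
            findings[src] = chain
    return findings
```

In a live audit the redirect map would be filled from recorded 3xx responses for each subresource request; a finding means the object is ultimately fetched in cleartext even though the page markup references only the HTTPS origin.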