Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1513973-6)
SAP Support Packages
(SAPK-70009INWEBCUIF, SAPK-70103INWEBCUIF, SAPK-73001INWEBCUIF)
Описание
The error is caused because the WEBCUIF start page is cached in the browser. When the user clicks browser back the browser will not call the server but take the page from the browser cache. From there it will load an additional resource from the server which will result in the authentication popup (basic authentication) as no logon has been performed since logout. Basic authentication is always cached in the browser and therefore it will not be possible to logout any longer.
The start page is set up to not to be cached. This works well in http but not in https. So the symptom will only occur with https.
The start page is set up to not to be cached. This works well in http but not in https. So the symptom will only occur with https.
Как исправить
Apply the corresponding support package or implement the correction instructions.
The fix will disable caching even if it is https.
The fix will disable caching even if it is https.
Ссылки