Outlook Web Access is prone to a remote URI-redirection vulnerability because the application fails to properly sanitize user-supplied input.
A successful exploit may aid in phishing attacks.
OWA 6.5 SP 2 is vulnerable; other versions may also be affected.
An attacker can exploit this issue by enticing an unsuspecting victim into following a malicious URI.
The following example URIs are available:
http://bit.ly/2IirXze
http://bit.ly/2HYoRle
Solution:
This issue is reported to be fixed in Outlook Exchange Server 2007 SP1; Symantec has not been able to confirm this information.
| Field | Value |
|---|---|
| Bugtraq ID | 31765 |
| Class | Input Validation Error |
| CVE | CVE-2008-1547 |
| Remote | Yes |
| Local | No |
| Published | Oct 15 2008 12:00AM |
| Updated | Jun 05 2019 11:00AM |
| Credit | Martin Suess |
| Vulnerable | Microsoft Exchange Server 2003 SP2; Microsoft Exchange Server 2003 SP1; Microsoft Exchange Server 2003 |
| Not Vulnerable | Microsoft Exchange Server 2007 SP 1 |
References:
- Exchange Server Home Page (Microsoft)
- MS OWA 2003 Redirection Vulnerability (Martin Suess)
- Re: MS OWA 2003 Redirection Vulnerability - [MSRC 7368br] (Davide Del Vecchio)
- Re: Re: MS OWA 2003 Redirection Vulnerability - [MSRC 7368br] ("Giuseppe Gottardi")
from SecurityFocus Vulnerabilities http://bit.ly/2ZbuiCZ