| Short Name | HTTP:OWA:EXCHANGE-SERVER |
|---|---|
| Severity | Medium |
| Recommended | No |
| Recommended Action | Drop |
| Category | HTTP |
| Keywords | Microsoft Exchange Server Outlook Web Access Cross Site Request Forgery |
| Release Date | 2012/12/02 |
| Update Number | 2207 |
| Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |

This signature detects attempts to exploit a known vulnerability in Microsoft Exchange Server Outlook Web Access. A remote attacker can exploit this vulnerability by enticing a user to follow a crafted URI. Upon successful exploitation, the attacker can log in to the administrator console with the created account and execute commands with the privileges of the affected service.

Microsoft Exchange Server Outlook Web Access is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain actions in the context of an authorized user's session and gain unauthorized access to the affected application; other attacks are also possible. Microsoft Exchange Server 2007 versions prior to Service Pack 3 are reported to be vulnerable.