Signature Detail
Short Name |
SMTP:EXCHANGE:OWA-CSS |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
SMTP |
Keywords |
Exchange Server Outlook Web Access Vulnerability |
Release Date |
2005/06/13 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
SMTP: Exchange Server Outlook Web Access Vulnerability
This signature detects attempts to exploit a known vulnerability against Outlook Web Access. Attackers can create a malicious cross-site script, which when run by a user, executes within that user's security context; attackers can then access any data on the Outlook Web Access server that is accessible to that target user.
Extended Description
Outlook Web Access is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the affected application of an unsuspecting user in the context of the affected user. This issue is reported to affect Outlook Web Access for Exchange Server 5.5.
Affected Products
- Microsoft Exchange Server 5.5 SP4
- Microsoft Outlook Web Access for Exchange Server 5.5
References