Summary
The remote web server is vulnerable to a URL injection vulnerability.
Description :
The remote host is running Microsoft Outlook Web Access 2003.
Due to a lack of sanitization of the user input, the remote version of this software is vulnerable to URL injection which can be exploited to redirect a user to a different, unauthorized web server after authenticating to OWA. This unauthorized site could be used to capture sensitive information by appearing to be part of the web application.
Solution
None at this time
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2005-0420 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
- Alcatel-Lucent OmniPCX Enterprise Remote Command Execution Vulnerability
- Acute Control Panel SQL Injection Vulnerability and Remote File Include Vulnerability
- AproxEngine Multiple Remote Input Validation Vulnerabilities
- AjaXplorer zoho plugin Directory Traversal Vulnerability