Outlook Web Access URL Injection Network Vulnerability

Summary

The remote web server is vulnerable to a URL injection vulnerability. Description : The remote host is running Microsoft Outlook Web Access 2003. Due to a lack of sanitization of the user input, the remote version of this software is vulnerable to URL injection which can be exploited to redirect a user to a different, unauthorized web server after authenticating to OWA. This unauthorized site could be used to capture sensitive information by appearing to be part of the web application.

Solution

None at this time

References

http://packetstormsecurity.org/files/36079/Exploit-Labs-Security-Advisory-2005.1.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2005-0420

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Athena Web Registration remote command execution flaw
Apple Safari RSS Feed Information Disclosure Vulnerability
A-A-S Application Access Server Multiple Vulnerabilities
Andy's PHP Knowledgebase 'step5.php' Remote PHP Code Execution Vulnerability
AjaXplorer zoho plugin Directory Traversal Vulnerability

Take action and discover your vulnerabilities