SMTP: Exchange Server Outlook Web Access Vulnerability
This signature detects attempts to exploit a known vulnerability against Outlook Web Access. Attackers can create a malicious cross-site script, which when run by a user, executes within that user's security context; attackers can then access any data on the Outlook Web Access server that is accessible to that target user.
Extended Description
Outlook Web Access is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the affected application of an unsuspecting user in the context of the affected user. This issue is reported to affect Outlook Web Access for Exchange Server 5.5.
Affected Products
Microsoft exchange_server
Short Name
SMTP:EXCHANGE:OWA-CSS
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
SMTP
Keywords
Access CVE-2005-0563 Exchange Outlook Server Vulnerability Web bid:13952
Release Date
06/14/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Microsoft
CVSS Score
4.3