[sec-adv] Microsoft Outlook Web Access Cross-Site Scripting Vulnerability
From: Secunia Security Advisories (sec-adv@secunia.com)
Date: Thu Jul 10 2003 - 12:06:06 CDT
TITLE:
Microsoft Outlook Web Access Cross-Site Scripting Vulnerability
READ ONLINE:
http://www.secunia.com/advisories/9212/
CRITICAL:
Less critical
IMPACT:
Security Bypass, Cross Site Scripting, Exposure of sensitive
information
WHERE:
From remote
SOFTWARE:
Microsoft Exchange 5.5
Microsoft Exchange 2000 Enterprise Server
Microsoft Exchange Server 2000
DESCRIPTION:
A vulnerability has been reported in Outlook Web Access (OWA), which
can be exploited by malicious people to conduct cross-site scripting
attacks against users.
When a user wants to view an HTML-formatted mail in OWA, he or she
needs to click a generated link. However, a user can be tricked into
clicking a specially crafted link from which the "Security" parameter
has been omitted. This bypasses OWA's script-filtering routines,
allowing script code in the body of the mail to be executed in the
user's browser.
An example link was provided in the original advisory:
http://<IP_or_name_of_the_server>/exchange/<username>/<inbox_name>/<subject>.EML/1_multipart/2_text.htm
Successful exploitation may result in disclosure of sensitive
information (e.g. the content of cookies associated with the site,
mailboxes, and the Base64-encoded Windows domain user credentials).
However, this requires that certain information is known in advance,
such as the components of the link above (server name, username,
folder name and message subject).
A PoC (Proof of Concept) exploit has been released, which illustrates
an attack vector (see the original advisory).
SOLUTION:
Set up a proxy or content filter to deny mails containing script code
or links like the one in the example (a direct link to a message part
without the "Security" parameter).
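The following is an added example of the kind of content filter the
solution suggests; it is not code from Secunia, Microsoft or the original
advisory. It assumes that the risky link has the path shape quoted above
(.../<subject>.EML/<n>_multipart/<n>_text.htm) and that a legitimately
generated OWA link carries a non-empty "Security" query parameter; the
sample mail bodies are constructed for the demonstration.

```python
"""Minimal mail content filter for the OWA direct-part-link pattern.

Added example, not vendor code. Assumptions (not stated by the advisory):
  - a safe OWA-generated link carries a non-empty "Security" parameter;
  - the risky path shape is exactly the one quoted in the advisory.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Path of a direct link to an OWA message part, as quoted in the advisory:
# /exchange/<username>/<folder>/<subject>.EML/<n>_multipart/<n>_text.htm
OWA_PART_PATH = re.compile(
    r"^/exchange/[^/]+/[^/]+/[^/]+\.eml/\d+_multipart/\d+_text\.htm$",
    re.IGNORECASE,
)
# Rough URL extractor for plain-text or HTML mail bodies.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# Crude script detector: script tags, javascript: URLs, common event handlers.
SCRIPT_RE = re.compile(
    r"<\s*script\b|javascript:|\bon(?:load|error|click|mouseover)\s*=",
    re.IGNORECASE,
)


def is_unsafe_owa_link(url):
    """True if url points straight at an OWA message part and the
    "Security" query parameter is missing or empty (assumption: that
    parameter is what a legitimately generated link carries)."""
    parts = urlsplit(url.rstrip(".,;)"))
    if not OWA_PART_PATH.match(parts.path):
        return False
    # parse_qs drops blank values, so "?Security=" counts as missing.
    values = parse_qs(parts.query).get("Security", [])
    return not any(v.strip() for v in values)


def filter_mail(body):
    """Return a list of (reason, evidence) findings for one mail body.
    An empty list means the mail passes the filter."""
    findings = []
    for url in URL_RE.findall(body):
        if is_unsafe_owa_link(url):
            findings.append(("owa-link-without-security", url))
    match = SCRIPT_RE.search(body)
    if match:
        findings.append(("inline-script", match.group(0)))
    return findings


# Constructed sample bodies; the host name and user are hypothetical.
SAMPLE_MAILS = {
    "phish": (
        "Please review this message: "
        "http://mail.example.test/exchange/jdoe/Inbox/Invoice.EML"
        "/1_multipart/2_text.htm"
    ),
    "legit": (
        "http://mail.example.test/exchange/jdoe/Inbox/Invoice.EML"
        "/1_multipart/2_text.htm?Cmd=open&Security=1"
    ),
    "script": "<html><body><script>alert(document.cookie)</script></body></html>",
    "clean": "Lunch at noon? See http://intranet.example.test/menu.htm",
}


def scan_samples():
    """Run the filter over every sample; returns {name: findings}."""
    return {name: filter_mail(body) for name, body in SAMPLE_MAILS.items()}


if __name__ == "__main__":
    for name, findings in scan_samples().items():
        verdict = "DENY" if findings else "allow"
        print(f"{name:7} {verdict:5} {findings}")
```

A production filter would also decode quoted-printable and Base64 bodies
and HTML entities before matching, since the pattern above is easily hidden
by encoding; the point of the example is the two checks themselves, which a
proxy or mail gateway can apply until the vendor fix is installed.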
REPORTED BY / CREDITS:
Hugo Vázquez Caramés and Toni Cortés Martínez.
ORIGINAL ADVISORY:
http://www.infohacking.com/INFOHACKING_RESEARCH/Our_Advisories/OWA/OWA_XSS.htm
----------------------------------------------------------------------
Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
Contact details:
Web : http://www.secunia.com/
E-mail : support@secunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419
----------------------------------------------------------------------