
Microsoft Windows 2003 Outlook Web Access URL Injection Vulnerability

Microsoft Windows 2003 Outlook Web Access URL Injection... - 18.Mar.2005 10:11:00 AM   
Tom Decaluwe


Posts: 135
Joined: 23.Jul.2003
Status: offline
Hi, I was reading about an OWA2003 URL injection vulnerability released on 17-03-2005.

I was wondering if anyone knew whether ISA filters out this attack, whether ISA can filter out this attack, and whether anyone has tried this attack yet on an open OWA and an ISA-protected OWA.

I don't have a test setup at the moment, but I am very interested. I will certainly try it out asap, but if someone else has already done it please let me know.

MS OWA inject vulnerability

cheerz,

Tom
Post #: 1
RE: Microsoft Windows 2003 Outlook Web Access URL Injec... - 24.Mar.2005 2:15:00 PM   
tshinder


Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Tom,

Haven't checked it out yet, but the HTTP security filter shouldn't have much trouble blocking this.

Tom

(in reply to Tom Decaluwe)
Post #: 2
RE: Microsoft Windows 2003 Outlook Web Access URL Injec... - 25.Mar.2005 8:13:00 AM   
sniper


Posts: 687
Joined: 9.Aug.2001
From: OK, USA
Status: offline
This attack implies that the SSL man-in-the-middle has been applied, so the client gets DNS-poisoned into going to a bogus site where credentials are entered, thus capturing the username and password for later use by the attacker.

"A vulnerability in Microsoft Windows 2003 Outlook Web Access allows malicious attackers to redirect the login to any URL they wish. This allows the attacker to force the user to the site of the attacker's choosing, enabling the attacker to use social engineering and phishing-style attacks."

The ISA server does not allow an external request to touch the internal resource; it reverse-proxies the request and can authenticate the user. So an ISA server deployed with the HTTP filter enabled would neutralize this form of attack, since the listener/ISA server, not the Exchange server, is doing the initial authentication.

[ March 25, 2005, 08:20 AM: Message edited by: cgregory ]

(in reply to Tom Decaluwe)
Post #: 3
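The thread above discusses a login page whose post-login redirect can be pointed at an attacker-chosen site, and a reverse proxy that authenticates in front of it. Added example (not code from the thread, OWA or ISA): the kind of redirect-target validation a login handler or proxy rule would apply, keeping the user on the published host. The query parameter name `url`, the host `mail.example.com` and the default landing path are assumptions, since the thread does not state OWA's actual parameter.

```python
# Added example: validate a post-login redirect target so the login page
# cannot be made to send the user to an attacker-chosen site.
# "url" as the parameter name, "mail.example.com" as the published host and
# "/exchange/" as the default landing path are constructed assumptions.
from urllib.parse import parse_qs, urlsplit, urlunsplit

ALLOWED_HOSTS = {"mail.example.com"}  # constructed: the published OWA host
DEFAULT_LANDING = "/exchange/"         # constructed: where to send the user otherwise


def safe_redirect_target(target: str, default: str = DEFAULT_LANDING) -> str:
    """Return a site-relative path if target stays on an allowed host, else default."""
    if not target:
        return default
    # Some browsers treat backslashes as slashes; normalise before parsing so
    # "/\evil.example/" is seen as the scheme-relative "//evil.example/".
    candidate = target.replace("\\", "/")
    try:
        parts = urlsplit(candidate)
        host = (parts.hostname or "").lower()   # may raise on malformed IPv6 literals
    except ValueError:
        return default
    # Reject non-web schemes such as javascript: or data:
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return default
    if parts.netloc:
        # Absolute or scheme-relative URL: host must be allowed and no userinfo
        # (user@host) trick may be present.
        if parts.username is not None or host not in ALLOWED_HOSTS:
            return default
        # Re-emit as a relative path so scheme and port cannot be altered.
        return urlunsplit(("", "", parts.path or "/", parts.query, parts.fragment))
    # No host: only accept a plain site-relative path.
    if not candidate.startswith("/"):
        return default
    return candidate


def redirect_from_login_query(query_string: str) -> str:
    """Pull the assumed 'url' parameter out of a login query string and validate it."""
    params = parse_qs(query_string, keep_blank_values=True)
    return safe_redirect_target(params.get("url", [""])[0])
```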
