Microsoft Windows 2003 Outlook Web Access URL Injection Vulnerability (Full Version)






Tom Decaluwe -> Microsoft Windows 2003 Outlook Web Access URL Injection Vulnerability (18.Mar.2005 10:11:00 AM)

Hi, I was reading about an OWA 2003 URL injection vulnerability released on 17-03-2005.

I was wondering if anyone knew whether ISA filters out this attack, whether ISA can filter out this attack, and whether anyone has tried this attack yet on an open OWA and on an ISA-protected OWA.

I don't have a test setup at the moment, but I am very interested. I will certainly try it out ASAP, but if someone else has already done it, please let me know.

MS OWA inject vulnerability

cheerz,

Tom




tshinder -> RE: Microsoft Windows 2003 Outlook Web Access URL Injection Vulnerability (24.Mar.2005 2:15:00 PM)

Hi Tom,

Haven't checked it out yet, but the HTTP security filter shouldn't have much trouble blocking this.

Tom




sniper -> RE: Microsoft Windows 2003 Outlook Web Access URL Injection Vulnerability (25.Mar.2005 8:13:00 AM)

This attack implies that an SSL man-in-the-middle has been applied, so the client gets DNS-poisoned into going to a bogus site where credentials are entered, thus capturing the username and password for later use by the attacker.

"A vulnerability in Microsoft Windows 2003 Outlook Web Access allows malicious attackers to redirect the login to any URL they wish. This allows the attacker to force the user to the site of the attacker's choosing, enabling the attacker to use social engineering and phishing-style attacks."

The ISA server does not allow an external request to touch the internal resource; it reverse-proxies the request and can authenticate the user. So an ISA server deployed with the HTTP filter enabled would neutralize this form of attack, since the listener/ISA server, not the Exchange server, is doing the initial authentication.

[ March 25, 2005, 08:20 AM: Message edited by: cgregory ]
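The post above describes the defence as a reverse proxy that vets the request before it reaches Exchange. The following is an added example of that kind of check, not code from this thread, from ISA Server or from OWA: it inspects the post-login redirect parameter of a logon request and only allows targets that are a same-site relative path or an HTTPS URL on an allowed host. The parameter name `url`, the path `/logon.asp`, the host `owa.example.com` and the log lines are all constructed assumptions for the example.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: the only host a post-login redirect may land on (constructed for the example).
ALLOWED_HOSTS = {"owa.example.com"}

# Assumption: name of the query parameter carrying the post-login redirect target.
REDIRECT_PARAM = "url"


def redirect_target(request_path):
    """Return the redirect parameter value from a logon request path, or None if absent."""
    params = parse_qs(urlsplit(request_path).query)
    values = params.get(REDIRECT_PARAM)
    return values[0] if values else None


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """True only for a same-site relative path or an https URL whose host is allowed."""
    if target is None:
        return True  # no redirect requested, nothing to vet
    t = target.strip()
    # Scheme-relative ("//host") and backslash variants would leave the site; reject before parsing.
    if t.startswith(("//", "/\\", "\\")):
        return False
    parts = urlsplit(t)
    if not parts.scheme and not parts.netloc:
        # Relative target: must be an absolute path on this site.
        return t.startswith("/")
    if parts.scheme.lower() != "https":
        # Covers http:, javascript:, data: and anything else that is not the site's own scheme.
        return False
    # urlsplit's hostname already strips any "user@" prefix, so "allowed@evil" resolves to "evil".
    host = (parts.hostname or "").lower()
    return host in allowed_hosts


def filter_logon_requests(log_lines):
    """Classify constructed '<METHOD> <path>' log lines; returns (path, target, verdict) tuples."""
    results = []
    for line in log_lines:
        _method, path = line.split(" ", 1)
        target = redirect_target(path)
        verdict = "allow" if is_safe_redirect(target) else "block"
        results.append((path, target, verdict))
    return results


# Constructed sample log lines, not taken from any real server.
SAMPLE_LOG = [
    "GET /logon.asp?url=/exchange/",
    "GET /logon.asp?url=https://owa.example.com/exchange/",
    "GET /logon.asp?url=https://login.attacker.example/owa",
    "GET /logon.asp?url=//login.attacker.example/owa",
    "GET /logon.asp?url=https://owa.example.com@login.attacker.example/",
    "GET /logon.asp",
]

if __name__ == "__main__":
    for path, target, verdict in filter_logon_requests(SAMPLE_LOG):
        print(f"{verdict:5}  {path}")
```

The userinfo case (`allowed-host@other-host`) is the one most naive string checks get wrong: comparing the start of the string against the allowed host passes it, while parsing the host out properly blocks it. Requiring `https` also keeps a redirect from silently downgrading the session that the thread assumes is protected by SSL.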



