|
|
Family: CGI abuses : XSS --> Category: infos
Outlook Web Access URL Injection Vulnerability Scan
Vulnerability Scan Summary
The remote host is running Microsoft Outlook Web Access 2003 and is vulnerable to URL Injection.
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server is vulnerable to a URL injection vulnerability.
Description :
The remote host is running Microsoft Outlook Web Access 2003.
Due to a lack of sanitization of the user input, the remote version of this
software is vulnerable to URL injection which can be exploited to redirect a
user to a different, unauthorized web server after authenticating to OWA.
This unauthorized site could be used to capture sensitive information by
appearing to be part of the web application.
See also :
http://exploitlabs.com/files/advisories/EXPL-A-2005-001-owa.txt
Solution :
None at this time
Threat Level:
Low / CVSS Base Score : 3
(AV:R/AC:H/Au:NR/C:P/A:N/I:N/B:C)
Click HERE for more information and discussions on this network vulnerability scan.
|
