ID de Prueba:	1.3.6.1.4.1.25623.1.0.17636
Categoría:	Web application abuses
Título:	Outlook Web Access URL Injection
Resumen:	Due to a lack of sanitization of the user input, the remote version of Microsoft; Outlook Web Access 2003 is vulnerable to URL injection which can be exploited to redirect a user to a different,; unauthorized web server after authenticating to OWA.
Descripción:	Summary: Due to a lack of sanitization of the user input, the remote version of Microsoft Outlook Web Access 2003 is vulnerable to URL injection which can be exploited to redirect a user to a different, unauthorized web server after authenticating to OWA. Vulnerability Impact: This unauthorized site could be used to capture sensitive information by appearing to be part of the web application. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0420 BugTraq ID: 12459 http://www.securityfocus.com/bid/12459 http://seclists.org/lists/fulldisclosure/2005/Feb/0106.html http://secunia.com/advisories/14144 http://www.vupen.com/english/advisories/2005/0105 XForce ISS Database: owa-owalogonasp-url-redirect(19225) https://exchange.xforce.ibmcloud.com/vulnerabilities/19225
Copyright	Copyright (C) 2005 Michael J. Richardson

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.