MS.Exchange.OWA.XSS.Spoofing
Description
This indicates an attack attempt to exploit a cross-site scripting (XSS) vulnerability in Outlook Web Access for Exchange Server.
The vulnerability is a result of the application's failure to properly handle an HTML redirect query. As a result, an authenticated remote attacker can insert malicious script to access data on the Outlook Web Access server.
Affected Products
Microsoft Exchange Server 5.5 SP4
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Apply patch, available from the web site:
http://www.microsoft.com/technet/security/bulletin/ms04-026.mspx.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |