header-logo
Suggest Exploit
vendor:
Outlook Web Access
by:
SecurityFocus
7.5
CVSS
HIGH
Remote URI-Redirection Vulnerability
601
CWE
Product Name: Outlook Web Access
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2004

Microsoft Outlook Web Access Remote URI-Redirection Vulnerability

A remote URI-redirection vulnerability affects Microsoft Outlook Web Access. This issue occurs because the application fails to properly sanitize URI-supplied data. An attacker may leverage this issue to carry out convincing phishing attacks against unsuspecting users by causing an arbitrary page to be loaded when the Microsoft Outlook Web Access login form is submitted.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/12459/info

A remote URI-redirection vulnerability affects Microsoft Outlook Web Access. This issue occurs because the application fails to properly sanitize URI-supplied data.

An attacker may leverage this issue to carry out convincing phishing attacks against unsuspecting users by causing an arbitrary page to be loaded when the Microsoft Outlook Web Access login form is submitted. 

https://owa.example.com/exchweb/bin/auth/owalogon.asp?url=http://www.example.net
https://owa.example.com/exchweb/bin/auth/owalogon.asp?url=http://3221234342/