S-339: Vulnerabilities in Outlook Web Access for Exchange Server
There is a cross-site scripting vulnerability in the affected versions of Outlook Web Access (OWA) for Exchange Server. Exploitation of the vulnerability could lead to elevation of privilege on individual OWA clients connecting to Outlook Web Access for Exchange Server. The risk is LOW. To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted e-mail that would run malicious script from within an individual OWA client. If the malicious script is executed, the script would run inthe security context of the user's OWA session and could perform any action that user could perform such as reading, sending, and deleting e-mail as the logged-on user.
Dear all experts here,
:)
I would like to install a proxy server on Linux server to perform solely to control the access of Web server.
In this case, some of my vendor asked me to try Squid and I have installed it onto my Linux server.
I would like know how can I set the configuration to... (1 Reply)
i am new in AIX i am trying to write a script to take a backup for specific files on server to and check error log if backup success send email to administrator , script done except for sending mail , i try to configure sendmail on aix to use our exchange server to send emails but still get error... (0 Replies)
Hi people,
In my work i have 2 P595 server (P595A and P595B) i need to exchange one server from P595A to P595B and one from P595B to P595A, i know the best way to do this is make a mksysb copy of the system and restore it on another but, in this process i dont need to exchange all the server,... (4 Replies)
1. The problem statement, all variables and given/known data:
Write a parser for a web server access log that will provide the statistics outlined below. Remember to format your output in a neat form. You may complete this assignment with one Awk script or a shell script using a combination of... (6 Replies)
I have installed WAMPSERVER 2.0 on my windows vista x64 system but still am having issues with getting the webserver to be seen outside my local network. It is working fine within my local network.
Been through several setup tutorials so far, no dice still.
For testing purposes I have... (1 Reply)
Hello,
FreeBSD is not forwarding the request to the Outlook Web Access. Is there some process that needs to be run in order for this to start?
The server was rebuilt and is pingable.
Any suggestion is greatly appreciated.
Thank you,
Gish (1 Reply)
Hi,
I have web server (apache) installed in server-1 and i want to view the web pages from diferent servers also while the web server is running only in one server ....(all the servers are connected to office LAN)
right now all the servers have apache running......and CPU utilzation is at its... (2 Replies)
Hi all! I'm a web developer with a question.
We have a contractor that is working on a project that requires the user to access a ton of files on the clients Unix server. He has plans to built a VB interface for on site windows users to access those files and wants us to develop a web based... (4 Replies)
Net::Server::Proto::SSL(3) User Contributed Perl Documentation Net::Server::Proto::SSL(3)NAME
Net::Server::Proto::SSL - Net::Server SSL protocol.
SYNOPSIS
Until this release, it was preferrable to use the Net::Server::Proto::SSLEAY module. Recent versions include code that overcomes original
limitations.
See Net::Server::Proto. See Net::Server::Proto::SSLEAY.
use base qw(Net::Server::HTTP);
main->run(
proto => 'ssl',
SSL_key_file => "/path/to/my/file.key",
SSL_cert_file => "/path/to/my/file.crt",
);
# OR
sub SSL_key_file { "/path/to/my/file.key" }
sub SSL_cert_file { "/path/to/my/file.crt" }
main->run(proto = 'ssl');
# OR
main->run(
port => [443, 8443, "80/tcp"], # bind to two ssl ports and one tcp
proto => "ssl", # use ssl as the default
ipv => "*", # bind both IPv4 and IPv6 interfaces
SSL_key_file => "/path/to/my/file.key",
SSL_cert_file => "/path/to/my/file.crt",
);
# OR
main->run(port => [{
port => "443",
proto => "ssl",
# ipv => 4, # default - only do IPv4
SSL_key_file => "/path/to/my/file.key",
SSL_cert_file => "/path/to/my/file.crt",
}, {
port => "8443",
proto => "ssl",
ipv => "*", # IPv4 and IPv6
SSL_key_file => "/path/to/my/file2.key", # separate key
SSL_cert_file => "/path/to/my/file2.crt", # separate cert
SSL_foo => 1, # Any key prefixed with SSL_ passed as a port hashref
# key/value will automatically be passed to IO::Socket::SSL
}]);
DESCRIPTION
Protocol module for Net::Server based on IO::Socket::SSL. This module implements a secure socket layer over tcp (also known as SSL) via
the IO::Socket::SSL module. If this module does not work in your situation, please also consider using the SSLEAY protocol
(Net::Server::Proto::SSLEAY) which interfaces directly with Net::SSLeay. See Net::Server::Proto.
If you know that your server will only need IPv4 (which is the default for Net::Server), you can load IO::Socket::SSL in inet4 mode which
will prevent it from using Socket6 and IO::Socket::INET6 since they would represent additional and unsued overhead.
use IO::Socket::SSL qw(inet4);
use base qw(Net::Server::Fork);
__PACKAGE__->run(proto => "ssl");
PARAMETERS
In addition to the normal Net::Server parameters, any of the SSL parameters from IO::Socket::SSL may also be specified. See
IO::Socket::SSL for information on setting this up. All arguments prefixed with SSL_ will be passed to the IO::Socket::SSL->configure
method.
BUGS
Until version Net::Server version 2, Net::Server::Proto::SSL used the default IO::Socket::SSL::accept method. This old approach introduces
a DDOS vulnerability into the server, where the socket is accepted, but the parent server then has to block until the client negotiates the
SSL connection. This has now been overcome by overriding the accept method and accepting the SSL negotiation after the parent socket has
had the chance to go back to listening.
LICENCE
Distributed under the same terms as Net::Server
THANKS
Thanks to Vadim for pointing out the IO::Socket::SSL accept was returning objects blessed into the wrong class.
perl v5.18.2 2013-01-09 Net::Server::Proto::SSL(3)