S-339: Vulnerabilities in Outlook Web Access for Exchange Server


 
07-17-2008

There is a cross-site scripting vulnerability in the affected versions of Outlook Web Access (OWA) for Exchange Server. Exploitation of the vulnerability could lead to elevation of privilege on individual OWA clients connecting to Outlook Web Access for Exchange Server. The risk is LOW. To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted e-mail that would run malicious script from within an individual OWA client. If the malicious script is executed, the script would run in the security context of the user's OWA session and could perform any action that user could perform, such as reading, sending, and deleting e-mail as the logged-on user.


Net::Server::Proto::SSL(3)    User Contributed Perl Documentation    Net::Server::Proto::SSL(3)

NAME
    Net::Server::Proto::SSL - Net::Server SSL protocol.

SYNOPSIS
    Until this release, it was preferable to use the Net::Server::Proto::SSLEAY module. Recent versions include code that overcomes original limitations.

    See Net::Server::Proto.
    See Net::Server::Proto::SSLEAY.

        use base qw(Net::Server::HTTP);
        main->run(
            proto         => 'ssl',
            SSL_key_file  => "/path/to/my/file.key",
            SSL_cert_file => "/path/to/my/file.crt",
        );

        # OR

        sub SSL_key_file  { "/path/to/my/file.key" }
        sub SSL_cert_file { "/path/to/my/file.crt" }
        main->run(proto => 'ssl');

        # OR

        main->run(
            port          => [443, 8443, "80/tcp"],  # bind to two ssl ports and one tcp
            proto         => "ssl",                  # use ssl as the default
            ipv           => "*",                    # bind both IPv4 and IPv6 interfaces
            SSL_key_file  => "/path/to/my/file.key",
            SSL_cert_file => "/path/to/my/file.crt",
        );

        # OR

        main->run(port => [{
            port          => "443",
            proto         => "ssl",
            # ipv         => 4, # default - only do IPv4
            SSL_key_file  => "/path/to/my/file.key",
            SSL_cert_file => "/path/to/my/file.crt",
        }, {
            port          => "8443",
            proto         => "ssl",
            ipv           => "*", # IPv4 and IPv6
            SSL_key_file  => "/path/to/my/file2.key", # separate key
            SSL_cert_file => "/path/to/my/file2.crt", # separate cert
            SSL_foo       => 1, # Any key prefixed with SSL_ passed as a port hashref
                                # key/value will automatically be passed to IO::Socket::SSL
        }]);

DESCRIPTION
    Protocol module for Net::Server based on IO::Socket::SSL. This module implements a secure socket layer over tcp (also known as SSL) via the IO::Socket::SSL module. If this module does not work in your situation, please also consider using the SSLEAY protocol (Net::Server::Proto::SSLEAY) which interfaces directly with Net::SSLeay. See Net::Server::Proto.

    If you know that your server will only need IPv4 (which is the default for Net::Server), you can load IO::Socket::SSL in inet4 mode which will prevent it from using Socket6 and IO::Socket::INET6 since they would represent additional and unused overhead.

        use IO::Socket::SSL qw(inet4);
        use base qw(Net::Server::Fork);

        __PACKAGE__->run(proto => "ssl");

PARAMETERS
    In addition to the normal Net::Server parameters, any of the SSL parameters from IO::Socket::SSL may also be specified. See IO::Socket::SSL for information on setting this up. All arguments prefixed with SSL_ will be passed to the IO::Socket::SSL->configure method.

BUGS
    Until Net::Server version 2, Net::Server::Proto::SSL used the default IO::Socket::SSL::accept method. This old approach introduces a DDOS vulnerability into the server, where the socket is accepted, but the parent server then has to block until the client negotiates the SSL connection. This has now been overcome by overriding the accept method and accepting the SSL negotiation after the parent socket has had the chance to go back to listening.

LICENCE
    Distributed under the same terms as Net::Server

THANKS
    Thanks to Vadim for pointing out the IO::Socket::SSL accept was returning objects blessed into the wrong class.

perl v5.18.2    2013-01-09    Net::Server::Proto::SSL(3)
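
The BUGS section above describes accepting the TCP connection first and negotiating SSL only after the parent has gone back to listening. The same pattern written directly against IO::Socket::INET and IO::Socket::SSL->start_SSL, as an added example that is not taken from Net::Server's source; the port, file paths, handshake timeout and fork-per-connection layout are assumptions:

```perl
use strict;
use warnings;
use IO::Socket::INET;
use IO::Socket::SSL;
use POSIX qw(WNOHANG);

# Added example. Assumed values: port, certificate paths and timeout are placeholders.
my $PORT              = 8443;
my $CERT_FILE         = "/path/to/my/file.crt";
my $KEY_FILE          = "/path/to/my/file.key";
my $HANDSHAKE_TIMEOUT = 10;    # seconds a client gets to finish the handshake

# Reap finished children so stalled or closed connections leave no zombies.
$SIG{CHLD} = sub { local ($!, $?); 1 while waitpid(-1, WNOHANG) > 0 };

# Plain TCP listener: accept() returns as soon as the TCP connection is up.
my $listener = IO::Socket::INET->new(
    LocalPort => $PORT,
    Listen    => 128,
    ReuseAddr => 1,
) or die "listen failed: $!";

while (1) {
    my $client = $listener->accept or next;    # undef when interrupted by SIGCHLD

    my $pid = fork();
    unless (defined $pid) { warn "fork failed: $!\n"; close $client; next; }
    if ($pid) {            # parent: hand off and go straight back to accept()
        close $client;
        next;
    }

    # Child: only this process waits on the SSL negotiation.
    close $listener;
    my $tls = IO::Socket::SSL->start_SSL(
        $client,
        SSL_server    => 1,
        SSL_cert_file => $CERT_FILE,
        SSL_key_file  => $KEY_FILE,
        Timeout       => $HANDSHAKE_TIMEOUT,
    );
    unless ($tls) {
        # A client that connects and never completes the handshake ends up here.
        warn "handshake failed: $IO::Socket::SSL::SSL_ERROR\n";
        exit 1;
    }
    print $tls "hello over SSL\n";
    close $tls;
    exit 0;
}
```

Each pending handshake still holds one child process until the timeout fires, so a production server would also cap the number of concurrent children.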