Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

S-339: Vulnerabilities in Outlook Web Access for Exchange Server

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) S-339: Vulnerabilities in Outlook Web Access for Exchange Server
# 1  
Old 07-17-2008
S-339: Vulnerabilities in Outlook Web Access for Exchange Server
There is a cross-site scripting vulnerability in the affected versions of Outlook Web Access (OWA) for Exchange Server. Exploitation of the vulnerability could lead to elevation of privilege on individual OWA clients connecting to Outlook Web Access for Exchange Server. The risk is LOW. To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted e-mail that would run malicious script from within an individual OWA client. If the malicious script is executed, the script would run inthe security context of the user's OWA session and could perform any action that user could perform such as reading, sending, and deleting e-mail as the logged-on user.


More...
Login or Register to Ask a Question

Previous Thread | Next Thread

8 More Discussions You Might Find Interesting

1. Proxy Server

How to use Squid on Linux to control certain IP to access Web Server and certain IP cannot access?

Dear all experts here, :) I would like to install a proxy server on Linux server to perform solely to control the access of Web server. In this case, some of my vendor asked me to try Squid and I have installed it onto my Linux server. I would like know how can I set the configuration to... (1 Reply)
Discussion started by: kwliew999
1 Replies

2. Shell Programming and Scripting

Send email from sendmail on AIX using exchange server as SMTP server

i am new in AIX i am trying to write a script to take a backup for specific files on server to and check error log if backup success send email to administrator , script done except for sending mail , i try to configure sendmail on aix to use our exchange server to send emails but still get error... (0 Replies)
Discussion started by: ahmed_salah
0 Replies

3. AIX

Exchange one server to another

Hi people, In my work i have 2 P595 server (P595A and P595B) i need to exchange one server from P595A to P595B and one from P595B to P595A, i know the best way to do this is make a mksysb copy of the system and restore it on another but, in this process i dont need to exchange all the server,... (4 Replies)
Discussion started by: anonymouzz
4 Replies

4. Homework & Coursework Questions

Parse a Web Server Access Log

1. The problem statement, all variables and given/known data: Write a parser for a web server access log that will provide the statistics outlined below. Remember to format your output in a neat form. You may complete this assignment with one Awk script or a shell script using a combination of... (6 Replies)
Discussion started by: codyhazelwood
6 Replies

5. Web Development

Cannot access Apache web server from Wan side, only Lan side.

I have installed WAMPSERVER 2.0 on my windows vista x64 system but still am having issues with getting the webserver to be seen outside my local network. It is working fine within my local network. Been through several setup tutorials so far, no dice still. For testing purposes I have... (1 Reply)
Discussion started by: davidmanvell
1 Replies

6. BSD

forwarding the request to the Outlook Web Access

Hello, FreeBSD is not forwarding the request to the Outlook Web Access. Is there some process that needs to be run in order for this to start? The server was rebuilt and is pingable. Any suggestion is greatly appreciated. Thank you, Gish (1 Reply)
Discussion started by: TESTQWER
1 Replies

7. UNIX for Advanced & Expert Users

remote web server access (apache)

Hi, I have web server (apache) installed in server-1 and i want to view the web pages from diferent servers also while the web server is running only in one server ....(all the servers are connected to office LAN) right now all the servers have apache running......and CPU utilzation is at its... (2 Replies)
Discussion started by: aditya.ece1985
2 Replies

8. UNIX for Dummies Questions & Answers

Ways to Access Files on Unix Server via Web

Hi all! I'm a web developer with a question. We have a contractor that is working on a project that requires the user to access a ton of files on the clients Unix server. He has plans to built a VB interface for on site windows users to access those files and wants us to develop a web based... (4 Replies)
Discussion started by: Imhotep1963
4 Replies
Login or Register to Ask a Question

LEARN ABOUT CENTOS

exchange2mbox

EXCHANGE2MBOX(1)					     OpenChange Users' Manual						  EXCHANGE2MBOX(1)

NAME

       exchange2mbox - Convert Exchange mailbox to mbox file

SYNOPSIS

       exchange2mbox [-?|--help] [--usage] [-f|--database PATH] [-p|--profile PROFILE]
	   [-P|--password PASSWORD] [-m|--mbox FILENAME] [-u|--update]
	   [-d|--debuglevel LEVEL] [--dump-data]

DESCRIPTION

       exchange2mbox  provides	a  way	to  synchronize an Exchange mailbox with a mbox file. The tool is developed so it only retrieves mails not
       already stored in the message ID index database and reflects changes back to the Exchange server if the local message copy are deleted.

OPTIONS

       --database

       -f     Set the path to the profile database to use

       --profile

       -p     Set the profile to use. If no profile is specified, exchange2mbox try to retrieve the default profile in the database. If no default
	      profile has been set, exchange2mbox returns MAPI_E_NOT_FOUND .

       --password

       -P     Set the password for the profile to use. This can be omitted if the password is stored in the profile.

       --mbox

       -m     Set the mbox file full path

       --update

       -u     Synchronize the local mbox file with the remote Exchange server mailbox.

       --dump-data
	      Dump the hex data. This is only required for debugging or educational purposes.

       --debuglevel LEVEL

       -d     Set the debug level.

EXAMPLES

       Create/Update the mbox file and indexes within the profile database:
       exchange2mbox

       Update the Exchange mailbox and indexes according to the changes made to the mbox file.

       exchange2mbox -u

REMARKS

       If  no  mbox file is specified, one will be automatically created in $(HOME)/.openchange/mbox .	If you are using the default profile data-
       base path and have set a default profile (using mapiprofile --profile=profile_name -S ) you do not need to specify these parameters on  the
       command line.

AUTHOR

       Julien Kerihuel <j.kerihuel at openchange dot org>

       Brad Hards <bradh at openchange dot org>

OpenChange 2.0 QUADRANT 					    2013-01-24							  EXCHANGE2MBOX(1)