Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Windows : Microsoft Bulletins >> Vulnerability in Exchange Server 5.5 Outlook Web Access XSS (895179)


Vulnerability Assessment Details

Vulnerability in Exchange Server 5.5 Outlook Web Access XSS (895179)

Vulnerability Assessment Summary
Checks for ms05-029 via the registry

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote Web Server contains a script which is vulnerable to cross site
scripting attacks.

Description :

The remote host is running a version of the Outlook Web Access which contains
cross site scripting flaws.

This vulnerability could permit a possible hacker to convince a user
to run a malicious script. If this malicious script is run, it would execute
in the security context of the user.
Attempts to exploit this vulnerability require user interaction.

This vulnerability could permit a possible hacker access to any data on the
Outlook Web Access server that was accessible to the individual user.

It may also be possible to exploit the vulnerability to manipulate Web browser caches
and intermediate proxy server caches, and put spoofed content in those caches.

Solution :

Microsoft has released a patch for OWA for Exchange 5.5 :

http://www.microsoft.com/technet/security/bulletin/ms05-029.mspx

Network Security Threat Level:

Low / CVSS Base Score : 3
(AV:R/AC:H/Au:NR/C:P/A:N/I:N/B:C)

Networks Security ID: 13952

Vulnerability Assessment Copyright: This script is Copyright (C) 2005 Tenable Network Security

Cables, Connectors


Cisco WAP371 IEEE 802.11ac 1.27 Gbit/s Wireless Access Point picture

Cisco WAP371 IEEE 802.11ac 1.27 Gbit/s Wireless Access Point

$80.00



GENUINE CISCO QSFP-40/100-SRBD 100G QSFP Transceiver  picture

GENUINE CISCO QSFP-40/100-SRBD 100G QSFP Transceiver

$129.99



Cisco SG110 24 Port Gigabit Ethernet Switch w/ 2 x SFP SG110-24 picture

Cisco SG110 24 Port Gigabit Ethernet Switch w/ 2 x SFP SG110-24

$117.00



GENUINE CISCO DS-SFP-FC32G-SW SFP NEW SEALED SEE PHOTOS SHIPS FREE picture

GENUINE CISCO DS-SFP-FC32G-SW SFP NEW SEALED SEE PHOTOS SHIPS FREE

$74.99



Cisco WS-C3850-48P-L 48-Port Gigabit 3850 PoE Switch w/ 715W+ C3850-NM-4-1G Mod picture

Cisco WS-C3850-48P-L 48-Port Gigabit 3850 PoE Switch w/ 715W+ C3850-NM-4-1G Mod

$79.00



Cisco Nexus N3K-C3048TP-1GE 48 Port Switch w/ Dual Power - Same Day Shipping picture

Cisco Nexus N3K-C3048TP-1GE 48 Port Switch w/ Dual Power - Same Day Shipping

$85.99



Genuine Cisco SFP-10G-SR V03 10GBASE-SR SFP+ Transceiver Module 10-2415-03  picture

Genuine Cisco SFP-10G-SR V03 10GBASE-SR SFP+ Transceiver Module 10-2415-03

$8.00



Cisco WS-C3750X-48T-S 48 Port 3750X Gigabit Switch - Same Day Shipping picture

Cisco WS-C3750X-48T-S 48 Port 3750X Gigabit Switch - Same Day Shipping

$49.95



Cisco C9300-48U-A 48-Port Gig UPoE Network Advantage Switch -Same Day Shipping picture

Cisco C9300-48U-A 48-Port Gig UPoE Network Advantage Switch -Same Day Shipping

$859.95



Cisco Nexus N3K-C3172PQ-XL 48P 10GbE SFP+ 4P QSFP+ Switch N3K-C3172PQ-XL-F picture

Cisco Nexus N3K-C3172PQ-XL 48P 10GbE SFP+ 4P QSFP+ Switch N3K-C3172PQ-XL-F

$229.00



Discussions

No Discussions have been posted on this vulnerability.