
Information Disclosure Vulnerability in Microsoft Outlook Web Access for Exchange Server 5.5

Reported September 7, 2001, by Microsoft.

VERSION AFFECTED

· Microsoft Outlook Web Access (OWA) for Exchange Server 5.5

DESCRIPTION
A vulnerability exists in Microsoft OWA for Exchange Server 5.5. An attacker can make unauthorized or unauthenticated requests that reveal information (e.g., email aliases and addresses) stored in the Global Address List (GAL). The vulnerability exists because an OWA function that queries the GAL doesn't require authentication, so unauthenticated users can call the function and enumerate the mail addresses of users on the server.

VENDOR RESPONSE

The vendor, Microsoft, has released security bulletin MS01-047 to address this vulnerability and recommends that affected users apply the patch the vendor provides.

CREDIT
Discovered by Noam Rathaus of SecuriTeam.
