Skip navigation
Menu
Collaboration>Email and Calendaring

Exchange 2000 Outlook Web Access Vulnerable to Denial of Service Attack

Reported September 27, 2001, by Joao Gouveia.

VERSION AFFECTED

·         Exchange 2000 Outlook Web Access (OWA)

DESCRIPTION
A vulnerability exists in Exchange 2000 OWA that results from unchecked directory paths. Because Exchange attempts to process requests without checking for the existence of a directory, an attacker can instigate a Denial of Service (DoS) attack against the server by repeatedly making requests that include a deeply nested nonexistent folder. Only users who can authenticate to the server can launch these attacks.

VENDOR RESPONSE

The vendor, Microsoft, has released version bulletin MS01-049 and a patch to fix this vulnerability.

CREDIT
Discovered by Joao Gouveia.
TAGS: Security
Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
zoom logo
Zoom Releases New AI-Powered Collaboration Platform—Zoom Workspace—Plus Other Updates
Mar 26, 2024
person working from home using smart phone and notebook computer
Monitoring Employee Productivity, Balance Surveillance with Transparency
Jan 03, 2024
zoom logo on screens of laptop and smartphone device.jpg
At Zoomtopia, Small Businesses Share Transformation Stories
Oct 12, 2023
zoom logo
Zoom Unveils Docs, Upgrades Contact Center Offerings
Oct 03, 2023