Reported September 27, 2001, by Joao Gouveia.
VERSION AFFECTED
· Exchange 2000 Outlook Web Access (OWA)
DESCRIPTION
A vulnerability exists in Exchange 2000 OWA that
results from unchecked directory paths. Because Exchange attempts to process
requests without checking for the existence of a directory, an attacker can
instigate a Denial of Service (DoS) attack against the server by repeatedly
making requests that include a deeply nested nonexistent folder. Only users who
can authenticate to the server can launch these attacks.
VENDOR RESPONSE
The vendor, Microsoft, has released version bulletin MS01-049 and a patch to fix this vulnerability.
CREDITDiscovered by Joao Gouveia.
0 comments
Hide comments