Short Name |
HTTP:MISC:MS-OWA-URL-REDIR |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft Exchange OWA CVE-2014-6336 URL Redirection |
Release Date |
2014/12/09 |
Update Number |
2449 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability in Microsoft Exchange Outlook Web Access (OWA). An attacker can send a malformed e-mail, which if accessed by a victim using OWA, causes the affected system to run a malicious script in the context of the user's session.
Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 does not properly validate redirection tokens, which allows remote attackers to redirect users to arbitrary web sites and spoof the origin of e-mail messages via unspecified vectors, aka "Exchange URL Redirection Vulnerability."