Check Point Advisories

Microsoft Exchange OWA Cross-Site Scripting and Spoofing (MS04-026; CVE-2004-0203)

Check Point Reference: CPAI-2004-166
Date Published: 2 Nov 2009
Severity: Medium
Last Updated: Sunday 19 April, 2015
Source:
Industry Reference:CVE-2004-0203
Protection Provided by:

Security Gateway
R81, R80, R77, R75
Who is Vulnerable?
Vulnerability Description Microsoft Exchange Outlook Web Access is a web application that is an alternative to Microsoft Outlook. It allows users to access their emails and public folders using a web browser. Outlook Web Access is implemented in ASP and is hosted on a system with Internet Information Server (IIS) installed. There is vulnerability in Microsoft Outlook Web Access, a component of Microsoft Exchange, in the validation of user input. This vulnerability could allow a malicious user to conduct cross-site scripting and spoofing attacks against other users of the web access service. Some attack vectors require the victim to be logged into the Outlook Web Access system in order to exploit the vulnerability. If the user is not logged in, the login screen will be displayed and the user will be forwarded to a different URL. In a sophisticated attack, where code injection was successfull, the behaviour of the attack target is dependant on the nature of the injected code.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

  1. In the IPS tab, click Protections and find the Microsoft Exchange OWA Cross-Site Scripting and Spoofing (MS04-026) protection using the Search tool and Edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  Web Server Enforcement Violation.
Attack Information:  Microsoft Exchange OWA cross-site scripting and spoofing (MS04-026)

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK