CVE-2005-0420
published 2005-04-27CVE-2005-0420: Microsoft Outlook Web Access (OWA), when used with Exchange, allows remote attackers to redirect users to arbitrary URLs for login via a link to the…
PriorityP429medium5.8CVSS 2.0
AVNACMAuNCPIPAN
EXPLOIT
EPSS
25.56%
97.7th percentile
Microsoft Outlook Web Access (OWA), when used with Exchange, allows remote attackers to redirect users to arbitrary URLs for login via a link to the owalogon.asp application.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | exchange_server | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor HTTP requests to /exchweb/bin/auth/owalogon.asp where the 'url' query parameter points to an external or off-domain host, which is the exploitation vector for this open-redirect vulnerability. ↗
- →Flag requests to owalogon.asp containing a 'url=' parameter with a decimal/numeric IP address (e.g. http://3221234342/) as this is a common obfuscation technique used in phishing redirects exploiting this CVE. ↗
- →Alert on use of this vulnerability in phishing campaigns: an attacker crafts a legitimate-looking OWA URL that, upon form submission, redirects the victim to an attacker-controlled credential-harvesting page. ↗
- ·The vulnerable endpoint is specific to Microsoft Exchange deployments exposing Outlook Web Access (OWA); the path /exchweb/bin/auth/owalogon.asp is only present on affected Exchange/OWA installations. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://seclists.org/lists/fulldisclosure/2005/Feb/0106.htmlhttp://secunia.com/advisories/14144http://www.securityfocus.com/bid/12459http://www.vupen.com/english/advisories/2005/0105https://exchange.xforce.ibmcloud.com/vulnerabilities/19225http://seclists.org/lists/fulldisclosure/2005/Feb/0106.htmlhttp://secunia.com/advisories/14144http://www.securityfocus.com/bid/12459http://www.vupen.com/english/advisories/2005/0105https://exchange.xforce.ibmcloud.com/vulnerabilities/19225
2005-04-27
Published