CVE-2005-0420
published 2005-04-27


Priority: P4 · 29 · medium
CVSS 2.0: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Tags: EXPLOIT
EPSS: 25.56% (97.7th percentile)
Microsoft Outlook Web Access (OWA), when used with Exchange, allows remote attackers to redirect users to arbitrary URLs for login via a link to the owalogon.asp application.

Affected (1 range)

Vendor      Product           Version range   Fixed in
microsoft   exchange_server   (not listed)    (not listed)

Detection & IOCs (extracted from sources)

path: /exchweb/bin/auth/owalogon.asp
url: https://owa.example.com/exchweb/bin/auth/owalogon.asp?url=http://www.example.net
url: https://owa.example.com/exchweb/bin/auth/owalogon.asp?url=http://3221234342/
  • Monitor HTTP requests to /exchweb/bin/auth/owalogon.asp where the 'url' query parameter points to an external or off-domain host; this is the exploitation vector for this open-redirect vulnerability.
  • Flag requests to owalogon.asp whose 'url=' parameter carries a decimal/numeric IP address host (e.g. http://3221234342/), a common obfuscation technique in phishing redirects exploiting this CVE.
  • Alert on use of this vulnerability in phishing campaigns: an attacker crafts a legitimate-looking OWA URL that, upon form submission, redirects the victim to an attacker-controlled credential-harvesting page.
  • The vulnerable endpoint is specific to Microsoft Exchange deployments exposing Outlook Web Access (OWA); the path /exchweb/bin/auth/owalogon.asp is only present on affected Exchange/OWA installations.
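The first two detection bullets, turned into log-scanning logic as an added example (not part of this CVE record or any vendor tooling). It assumes common-log-format web server lines, a constructed TRUSTED_HOSTS set of the organisation's own OWA host names, and constructed sample lines; anything not on this page is an assumption of the example.

```python
"""Detection logic for CVE-2005-0420 open-redirect attempts against owalogon.asp."""
import re
from typing import Optional
from urllib.parse import urlsplit, parse_qs, unquote

OWA_LOGON_PATH = "/exchweb/bin/auth/owalogon.asp"
# Assumption: the organisation's own OWA host names (constructed for this example).
TRUSTED_HOSTS = {"owa.example.com", "mail.example.com"}

# Minimal common-log-format pattern: "METHOD /path?query HTTP/1.x" inside quotes.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def classify_redirect_target(target: str) -> Optional[str]:
    """Return a finding label for a 'url' parameter value, or None if benign."""
    parsed = urlsplit(unquote(target))   # unquote again to catch double-encoding
    host = (parsed.hostname or "").lower()  # hostname drops userinfo and port
    if not host:
        # Relative path such as /exchange/ stays on the same host: benign.
        return None
    if re.fullmatch(r"\d+", host):
        return "numeric-ip-redirect"      # e.g. http://3221234342/ obfuscation
    if host not in TRUSTED_HOSTS:
        return "off-domain-redirect"      # includes protocol-relative //host/
    return None

def scan_log(lines):
    """Yield (line_no, label, target) for requests abusing the owalogon.asp url parameter."""
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        req = urlsplit(m.group(1))
        if req.path.lower() != OWA_LOGON_PATH:
            continue
        for target in parse_qs(req.query).get("url", []):
            label = classify_redirect_target(target)
            if label:
                yield n, label, target

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [27/Apr/2005:10:00:01 +0000] "GET /exchweb/bin/auth/owalogon.asp?url=/exchange/ HTTP/1.1" 200 512',
    '203.0.113.6 - - [27/Apr/2005:10:00:02 +0000] "GET /exchweb/bin/auth/owalogon.asp?url=http://www.example.net HTTP/1.1" 200 512',
    '203.0.113.7 - - [27/Apr/2005:10:00:03 +0000] "GET /exchweb/bin/auth/owalogon.asp?url=http://3221234342/ HTTP/1.1" 200 512',
    '203.0.113.8 - - [27/Apr/2005:10:00:04 +0000] "GET /exchange/ HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

Only the second and third sample lines produce findings; the relative redirect and the request to a different path are ignored.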