Lucene search

[email protected]CVE-2005-0420

HistoryApr 27, 2005 - 4:00 a.m.

CVE-2005-0420

2005-04-2704:00:00

CWE-601

[email protected]

web.nvd.nist.gov

microsoft

outlook web access

owa

remote attackers

redirect

owalogon.asp

nvd

6.9 Medium

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.972 High

EPSS

Percentile

99.8%

JSON

Microsoft Outlook Web Access (OWA), when used with Exchange, allows remote attackers to redirect users to arbitrary URLs for login via a link to the owalogon.asp application.

CPENameOperatorVersion
microsoft:exchange_servermicrosoft exchange servereq2003

CPE	Name	Operator	Version
microsoft:exchange_server	microsoft exchange server	eq	2003

References

seclists.org/lists/fulldisclosure/2005/Feb/0106.html

secunia.com/advisories/14144

www.securityfocus.com/bid/12459

www.vupen.com/english/advisories/2005/0105

exchange.xforce.ibmcloud.com/vulnerabilities/19225

6.9 Medium

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.972 High

EPSS

Percentile

99.8%

JSON

Related for CVE-2005-0420

openvas1 nessus1