3 matches found
Microsoft Exchange OWA 长用户名拒绝服务漏洞
微软Exchange OWAOutlook Web Access组件存在一个拒绝服务漏洞。当使用很多"%"作 为用户名和口令登录时,OWA会返回HTTP 500 - Internal server error信息。用户将不 能通过IE进行登录。据报告说WWW发布服务和IIS管理服务会停止响应。 Microsoft Exchange Server 5.5 SP4 Microsoft Exchange Server 5.5 SP3 Microsoft Exchange Server 5.5 SP2 Microsoft Exchange Server 5.5 SP1 Microsoft...
CVE-2003-0712
The CVE-2003-0712 issue is an XSS vulnerability in Microsoft Exchange Server 5.5 Outlook Web Access (OWA). The root cause is improper HTML encoding in the Compose New Message form, which could allow an attacker to craft a link or email that, when clicked by a user, executes script in the user’s b...
CVE-2002-0698
The CVE-2002-0698 entry describes a buffer overflow in Internet Mail Connector (IMC) of Microsoft Exchange Server 5.5 triggered by an EHLO response to a long hostname. OpenVAS/Nessus entries confirm an unchecked buffer in IMC’s EHLO handling that could allow code execution in the IMC service cont...