• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Exchange Outlook Web Access HTTP Response Splitting Vulnerability

Microsoft Exchange Outlook Web Access (OWA) is prone to HTTP response splitting attacks.

This issue could permit hostile script to be injected into client sessions, which could gain access to properties of the OWA server and Web pages hosted on the site.

It is noted that the attacker must authenticate to OWA to be in a position to exploit this issue. If successfully exploited, this could allow for various attacks, such as session hijacking, and content spoofing. This issue could also be used to exploit latent vulnerabilities in Web client software.