Microsoft Outlook Web Access Login Form Remote URI Redirection Vulnerability

Microsoft Outlook Web Access Login Form Remote URI Redirection Vulnerability

No exploit is required. The following proofs of concept have been provided:

https://owa.example.com/exchweb/bin/auth/owalogon.asp?url=http://www.example.net
https://owa.example.com/exchweb/bin/auth/owalogon.asp?url=http://3221234342/