Microsoft Outlook Web Access for Exchange Server 'redir.asp' URI Redirection Vulnerability

An attacker can exploit this issue by enticing an unsuspecting victim into following a malicious URI.

The following example URIs are available:

https://webmail.example.com/exchweb/bin/redir.asp?URL=http://www.example2.com

https://webmail.example.com/CookieAuth.dll?GetLogon?url=%2Fexchweb%2Fbin%2Fredir.asp%3FURL%3Dhttp%3A%2F%2Fwww.example2.com&reason=0
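For detection, both URI shapes above (the direct redir.asp link and the CookieAuth.dll wrapper carrying a percent-encoded redir.asp path) can be checked in proxy logs or links extracted from inbound mail. The following is an added example, not part of the original advisory; the function names and the two benign sample URIs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Matches a url= / URL= parameter, including after the second "?" in "GetLogon?url=".
URL_PARAM = re.compile(r"[?&]url=([^&]*)", re.IGNORECASE)

def redirect_target(uri, max_depth=3):
    """Return the URL= value handed to redir.asp, unwrapping nested url= values."""
    for _ in range(max_depth):
        parts = urlsplit(uri)
        match = URL_PARAM.search("?" + parts.query)
        if match is None:
            return None
        value = unquote(match.group(1))
        if parts.path.lower().endswith("/redir.asp"):
            return value
        uri = value  # wrapper such as CookieAuth.dll: url= carries the redir.asp path
    return None

def offsite_redirects(uris, owa_host):
    """Return (uri, target_host) for redir.asp links whose target leaves owa_host."""
    hits = []
    for uri in uris:
        target = redirect_target(uri)
        if target is None:
            continue
        host = urlsplit(target).hostname
        if host and host.lower() != owa_host.lower():
            hits.append((uri, host))
    return hits

# The first two URIs are the advisory's examples; the last two are constructed benign cases.
SAMPLE_URIS = [
    "https://webmail.example.com/exchweb/bin/redir.asp?URL=http://www.example2.com",
    "https://webmail.example.com/CookieAuth.dll?GetLogon?url=%2Fexchweb%2Fbin%2F"
    "redir.asp%3FURL%3Dhttp%3A%2F%2Fwww.example2.com&reason=0",
    "https://webmail.example.com/exchweb/bin/redir.asp?URL=https://webmail.example.com/exchange/",
    "https://webmail.example.com/exchange/user/Inbox/",
]

if __name__ == "__main__":
    for uri, host in offsite_redirects(SAMPLE_URIS, "webmail.example.com"):
        print(f"off-site redirect to {host}: {uri}")
```

Pass the externally visible OWA host name as `owa_host`; links whose redir.asp target stays on that host are not reported.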


 

Copyright 2010, SecurityFocus