Microsoft Exchange OWA Server Resource Starvation Vulnerability

Outlook Web Access is an optional component of Microsoft Exchange Server which runs in conjunction with Microsoft Internet Information Server. It provides access to a user's Exchange mailbox through a web interface.

When processing client access requests, OWA Server does not place limits on folder depth. Remote attackers can exploit this by requesting access to complex folder structures (which need not exist); the CPU and memory consumed while processing these requests may result in a denial of service on the server.
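A detection example for the condition described above, added here and not part of the original advisory: it scans IIS W3C extended log lines for OWA requests whose folder depth exceeds a threshold and counts them per client address. The `/exchange/` virtual directory, the threshold of 16, the function names and the sample log lines are assumptions constructed for illustration.

```python
from collections import Counter
from urllib.parse import unquote

MAX_DEPTH = 16             # assumed policy threshold, not a value from the advisory
OWA_PREFIX = "/exchange/"  # assumed OWA virtual directory

def folder_depth(uri_stem):
    """Return the folder depth below the mailbox, or None if not an OWA request."""
    path = uri_stem
    # Decode repeatedly so %252F -> %2F -> / cannot hide path separators.
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = path.replace("\\", "/")
    if not path.lower().startswith(OWA_PREFIX):
        return None
    # Empty segments (repeated slashes) are dropped so they cannot mask depth.
    segments = [s for s in path[len(OWA_PREFIX):].split("/") if s]
    return max(len(segments) - 1, 0)  # first segment is the mailbox name

def flag_deep_requests(log_lines, max_depth=MAX_DEPTH):
    """Count requests per client IP whose folder depth exceeds max_depth."""
    fields, hits = [], Counter()
    for line in log_lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if line.startswith("#") or not line.strip():
            continue
        row = dict(zip(fields, line.split()))
        depth = folder_depth(row.get("cs-uri-stem", ""))
        if depth is not None and depth > max_depth:
            hits[row.get("c-ip", "?")] += 1
    return dict(hits)

# Constructed sample log (W3C extended format); addresses are documentation ranges.
DEEP = "/exchange/alice/" + "/".join(["f"] * 40)
SAMPLE_LOG = [
    "#Fields: date time c-ip cs-method cs-uri-stem sc-status",
    "2010-01-01 10:00:00 192.0.2.10 GET /exchange/alice/Inbox 200",
    "2010-01-01 10:00:01 198.51.100.7 GET " + DEEP + " 404",
    "2010-01-01 10:00:02 198.51.100.7 GET " + DEEP.replace("/f", "%2Ff") + " 404",
    "2010-01-01 10:00:03 192.0.2.10 GET /default.htm 200",
]

if __name__ == "__main__":
    print(flag_deep_requests(SAMPLE_LOG))
```

The same depth calculation can back a front-end request filter that rejects over-deep paths before they reach the server, with the threshold tuned to the deepest folder nesting legitimate mailboxes use.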


 

Copyright 2010, SecurityFocus