Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:1283 |
| Message | WEB-IIS outlook web dos |
| Summary | This event is generated when an attempt is made to cause a denial of service of WWW Publishing Service and IIS Administration software. |
| Impact | Denial of service. This attack may cause a vulnerable server to stop. |
| Detailed Information | Outlook Web Access (OWA) is an optional feature of Microsoft Exchange Server that allows a user to access mail through a web interface supported by Internet Information Services (IIS). A denial of service of the support software WWW Publishing service and IIS Administration can occur when a user enters a long string of '%' characters in the Log On field in OWA and enters these characcters in the username and password field received in the NT challenge dialog. |
| Affected Systems | Microsoft Exchange Server 5.5 and Microsoft Exchange Server 5.5 SP1, SP2, SP3, SP4 |
| Attack Scenarios | An attacker can enter a long string of '%' characters in OWA Log On and challenge fields to cause a denial of service against a vulnerable server. |
| Ease of Attack | Simple. |
| Corrective Action | Upgrade to the most current version of Microsoft Exchange Server. |
| Additional References | Bugtraq http://www.securityfocus.com/bid/3223 |
| Rule References | bugtraq: 3223 |
--
DID:328443
--
http://www.aanval.com/