The Active Network
ActiveMac Anonymous | Create a User | Reviews | News | Forums | Advertise  
 

  *  

  Microsoft Security Bulletin MS01-047: OWA Function Allows Unauthenticated User to Enumerate Global Address List
Time: 19:42 EST/00:42 GMT | News Source: ActiveWin.com | Posted By: Matthew Sabean

Among the functions Outlook Web Access (OWA) in Exchange 5.5 offers is the ability to search the global address list (GAL). By design, this is an authenticated function, implemented as a two-tier architecture - a front tier that provides a user interface and a back-end tier that actually performs the search. However, only the front tier actually checks authentication. An attacker who sent a properly formatted request to the back-end function that actually performs the search could enumerate the GAL without authenticating.

  • The vulnerability would only allow the attacker to learn users’ email aliases. It would not provide any other capabilities. Specifically, it would not give the attacker any way to create or send mail as a user; to read, change or delete mail; or to perform any other functions on the server.
  • The vulnerability is only exploitable via OWA. Exchange servers that are not configured to offer OWA are not affected by the vulnerability.
  • The vulnerability does not affect Exchange 2000, even when offering OWA.

Patch availability:
Microsoft Exchange 5.5: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=32483

Write Comment
Return to News

  Displaying 576 through 577 of 577
Prev | First
  The time now is 2:45:47 PM ET.
Any comment problems? E-mail us
#576 By 4240821 (82.115.4.230) at 7/8/2025 2:14:16 PM
https://moanio.com/video.php?id=2545
https://moanio.com/video.php?id=3118
https://moanio.com/video.php?id=3314
https://moanio.com/video.php?id=824
https://moanio.com/video.php?id=631
https://moanio.com/video.php?id=2330
https://moanio.com/video.php?id=205
https://moanio.com/video.php?id=3889
https://moanio.com/video.php?id=1196
https://moanio.com/video.php?id=3373

#577 By 4240821 (82.115.4.230) at 7/10/2025 1:00:33 AM
https://justpaste.me/YhLS1
https://justpaste.me/YqL5
https://justpaste.me/ZEPH4
https://justpaste.me/Z4cV
https://justpaste.me/ZGFq3
https://justpaste.me/ZJKR2
https://justpaste.me/ZKjs
https://justpaste.me/YnFs2
https://justpaste.me/Ynmp3
https://justpaste.me/ZFwi1

Write Comment
Return to News
  Displaying 576 through 577 of 577
Prev | First
  The time now is 2:45:47 PM ET.
Any comment problems? E-mail us
User name and password:

 

  *  
  *   *