exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

owa-advisory-en.txt

owa-advisory-en.txt
Posted Feb 19, 2002
Authored by Marcos A. Ferreira Jr. | Site aristelecom.com.br

Outlook Web Access v5.5 SP4 and below contains a vulnerability which allows remote users to view files in the directory /lib. Several files can be viewed.

tags | remote, web
SHA-256 | 8c7dc9af27e85a64ba81631abf2529c58b7a940d065c1225988bae3eeb1a932e

owa-advisory-en.txt

Change Mirror Download

Aris Telecom Security Advisory
==============================
19/02/2002


Title:
======

Outlook Web Access view include files vulnerability


System Afected:
==============

Outlook Web Access 5.5 SP4 and others versions is possible


Description:
===========

The Outlook Web Access (OWA), possess an error that any user of Internet allows
to visualize all the archives of the directory /lib. These archives are stored
with extension INC, that to the being requested for browser it will show to all
programming asp contained in the archive:

www.server.com/exchange/lib/logon.inc


other archives that can be visualized are:

exchange/lib/AMPROPS.INC
exchange/lib/ATTACH.INC
exchange/lib/DELETE.INC
exchange/lib/GETREND.INC
exchange/lib/GETWHEN.INC
exchange/lib/JSATTACH.INC
exchange/lib/JSROOT.INC
exchange/lib/JSUTIL.INC
exchange/lib/LANG.INC
exchange/lib/PAGEUTIL.INC
exchange/lib/PUBFLD.INC
exchange/lib/RENDER.INC
exchange/lib/SESSION.INC
exchange/lib/STORE.INC


Solution:
========

Microsoft have been informed.


Acknowledgements:
================

The bug has been discovered by Marcos A. Ferreira Jr.
contacts: marcos@aristelecom.com.br

English version:
http://www.aristelecom.com.br/adv/owa-advisory-en.txt

Portuguese version:
http://www.aristelecom.com.br/adv/owa-advisory-pt.txt


Contact Information:
===================

The Aris Telecom can be reached by mailing: aristelecom@aristelecom.com.br
Our web page is at https://www.aristelecom.com.br

Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close