|
|
Microsoft Outlook Web访问存在拒绝服务攻击
发布时间:2001-08-28
更新时间:2001-08-28
严重程度:中
威胁程度:远程拒绝服务
错误类型:输入验证错误
利用方式:服务器模式
受影响系统Microsoft Exchange Server 5.5SP4
- Microsoft Windows NT 4.0SP7
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP6a
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP6
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP5
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP4
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP3
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP2
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP1
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
- Microsoft Windows 2000 SP2
+ Microsoft Windows 2000
- Microsoft Windows 2000 SP1
+ Microsoft Windows 2000
- Microsoft Windows 2000
- Microsoft BackOffice 4.5
- Microsoft Windows NT 4.0
Microsoft Exchange Server 5.5SP3
- Microsoft Windows NT 4.0SP7
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP6a
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP6
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP5
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP4
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP3
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP2
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP1
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
- Microsoft Windows 2000 SP2
+ Microsoft Windows 2000
- Microsoft Windows 2000 SP1
+ Microsoft Windows 2000
- Microsoft Windows 2000
- Microsoft BackOffice 4.5
- Microsoft Windows NT 4.0
Microsoft Exchange Server 5.5SP2
- Microsoft Windows NT 4.0SP7
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP6a
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP6
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP5
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP4
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP3
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP2
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP1
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
- Microsoft Windows 2000 SP2
+ Microsoft Windows 2000
- Microsoft Windows 2000 SP1
+ Microsoft Windows 2000
- Microsoft Windows 2000
- Microsoft BackOffice 4.5
- Microsoft Windows NT 4.0
Microsoft Exchange Server 5.5SP1
- Microsoft Windows NT 4.0SP7
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP6a
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP6
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP5
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP4
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP3
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP2
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP1
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
- Microsoft Windows 2000 SP2
+ Microsoft Windows 2000
- Microsoft Windows 2000 SP1
+ Microsoft Windows 2000
- Microsoft Windows 2000
- Microsoft BackOffice 4.5
- Microsoft Windows NT 4.0
Microsoft Exchange Server 5.5
- Microsoft Windows NT 4.0SP7
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP6a
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP6
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP5
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP4
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP3
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP2
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP1
+ Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
- Microsoft Windows 2000 SP2
+ Microsoft Windows 2000
- Microsoft Windows 2000 SP1
+ Microsoft Windows 2000
- Microsoft Windows 2000
- Microsoft BackOffice 4.5
- Microsoft Windows NT 4.0 详细描述
Outlook web访问是Microsoft exchange server的一个选项组件,其联合IIS一起运行,提供用户通过WEB接口来访问他们自己的邮箱。
用户可以在Outlook Web Access页面中的LOG ON栏上输入很长的%字符字符串,然后,当用户接受到NT challenge对话框时,用户名和密码再输入超长的%字符串,可以导致WWW publishing服务和IIS管理服务停止。
测试代码
见描述部分
解决方案
配置IIS在服务OWA lOG ON之前分布Challenge-Response.
相关信息
|
