Solved

Security Scan has detected a flag on OWA 2003 I need some help to remediate

Posted on 2011-09-16
1
1,195 Views
Last Modified: 2012-06-27
Hi,

We are having the following issue when running a 3rd party scan on the OWA servers Exchange 2003

This issue has been reported here as well but there was not solution provided:

http://social.technet.microsoft.com/Forums/en-US/exchangesvrcompliance/thread/ec51dd70-79f4-4877-93d7-71d9a08cac6c/

My server is up to date.

Here is the error from the scanner:

Syntax error occurred port 80/tcp

QID: 150022 CVSS Base: 7.5 PCI Severity:

Category: Web Application CVSS Temporal: 6.8

CVE ID: -

Vendor Reference: -

Bugtraq ID: -

Last Update: 01/16/2009

THREAT:

A test payload generated a syntax error within the web application. This often points to a problem with input validation routines or lack of filters on

user-supplied content.

Scan Results page 62

IMPACT:

A malicious user may be able to create a denial of service, serious error, or exploit depending on the error encountered by the web application.

SOLUTION:

The web application should restrict user-supplied to consist of a minimal set of characters necessary for the input field. Additionally, all content

received from the client (i.e. web browser) should be validated to an expected format or checked for malicious content.

RESULT:

url: https://xx.xx.xx.xx/exchweb/bin/auth/owalogon.asp?reason=%22%3e%3cqss%3e&url=https://xx.xx.xx.xx/exchange

variants: 31

matched: onload()

{

<font face="Arial" size=2>

<p>Microsoft VBScript runtime </font> <font face="Arial" size=2>error '800a000d'</font>

<p>

<font face="Arial" size=2>Type mismatch: '[st


0
Comment
Question by:llarava
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 26

Accepted Solution

by:
e_aravind earned 500 total points
ID: 36559101
From the social technet:
===============
>> Also I want to recommend you if there is no error after you run ExBPA, we can assume Exchange is in health state. We can just ignore the error.

From your Question:
=============

IMPACT:

A malicious user may be able to create a denial of service, serious error, or exploit depending on the error encountered by the web application.

SOLUTION:

The web application should restrict user-supplied to consist of a minimal set of characters necessary for the input field. Additionally, all content

received from the client (i.e. web browser) should be validated to an expected format or checked for malicious content

>> so if needed for the iis6.0 you can have the urlscan to control the content-length ...but that needs a lot of additional over-head


Normally we can ignore this...with the hope that iis6.0 will handle the DOS attack
http://support.microsoft.com/kb/307608
http://technet.microsoft.com/en-us/security/cc242650
0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The new Gmail Phishing Scam going around is surprising even the savviest of users with its sophisticated techniques.
How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
The viewer will learn how to create two correlated normally distributed random variables in Excel, use a normal distribution to simulate the return on different levels of investment in each of the two funds over a period of ten years, and, create a …
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question