Solved

Security Scan has detected a flag on OWA 2003 I need some help to remediate

Posted on 2011-09-16
1
1,184 Views
Last Modified: 2012-06-27
Hi,

We are having the following issue when running a 3rd party scan on the OWA servers Exchange 2003

This issue has been reported here as well but there was not solution provided:

http://social.technet.microsoft.com/Forums/en-US/exchangesvrcompliance/thread/ec51dd70-79f4-4877-93d7-71d9a08cac6c/

My server is up to date.

Here is the error from the scanner:

Syntax error occurred port 80/tcp

QID: 150022 CVSS Base: 7.5 PCI Severity:

Category: Web Application CVSS Temporal: 6.8

CVE ID: -

Vendor Reference: -

Bugtraq ID: -

Last Update: 01/16/2009

THREAT:

A test payload generated a syntax error within the web application. This often points to a problem with input validation routines or lack of filters on

user-supplied content.

Scan Results page 62

IMPACT:

A malicious user may be able to create a denial of service, serious error, or exploit depending on the error encountered by the web application.

SOLUTION:

The web application should restrict user-supplied to consist of a minimal set of characters necessary for the input field. Additionally, all content

received from the client (i.e. web browser) should be validated to an expected format or checked for malicious content.

RESULT:

url: https://xx.xx.xx.xx/exchweb/bin/auth/owalogon.asp?reason=%22%3e%3cqss%3e&url=https://xx.xx.xx.xx/exchange

variants: 31

matched: onload()

{

<font face="Arial" size=2>

<p>Microsoft VBScript runtime </font> <font face="Arial" size=2>error '800a000d'</font>

<p>

<font face="Arial" size=2>Type mismatch: '[st


0
Comment
Question by:llarava
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 26

Accepted Solution

by:
e_aravind earned 500 total points
ID: 36559101
From the social technet:
===============
>> Also I want to recommend you if there is no error after you run ExBPA, we can assume Exchange is in health state. We can just ignore the error.

From your Question:
=============

IMPACT:

A malicious user may be able to create a denial of service, serious error, or exploit depending on the error encountered by the web application.

SOLUTION:

The web application should restrict user-supplied to consist of a minimal set of characters necessary for the input field. Additionally, all content

received from the client (i.e. web browser) should be validated to an expected format or checked for malicious content

>> so if needed for the iis6.0 you can have the urlscan to control the content-length ...but that needs a lot of additional over-head


Normally we can ignore this...with the hope that iis6.0 will handle the DOS attack
http://support.microsoft.com/kb/307608
http://technet.microsoft.com/en-us/security/cc242650
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
This video discusses moving either the default database or any database to a new volume.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question