Security Scan has detected a flag on OWA 2003 I need some help to remediate

Posted on 2011-09-16
Last Modified: 2012-06-27
Hi,

We are having the following issue when running a 3rd party scan on the OWA servers (Exchange 2003).

This issue has been reported here as well, but there was no solution provided:

http://social.technet.microsoft.com/Forums/en-US/exchangesvrcompliance/thread/ec51dd70-79f4-4877-93d7-71d9a08cac6c/

My server is up to date.

Here is the error from the scanner:

Syntax error occurred port 80/tcp

QID: 150022 CVSS Base: 7.5 PCI Severity:

Category: Web Application CVSS Temporal: 6.8

CVE ID: -

Vendor Reference: -

Bugtraq ID: -

Last Update: 01/16/2009

THREAT:

A test payload generated a syntax error within the web application. This often points to a problem with input validation routines or lack of filters on user-supplied content.

IMPACT:

A malicious user may be able to create a denial of service, serious error, or exploit depending on the error encountered by the web application.

SOLUTION:

The web application should restrict user-supplied to consist of a minimal set of characters necessary for the input field. Additionally, all content received from the client (i.e. web browser) should be validated to an expected format or checked for malicious content.

RESULT:

url: https://xx.xx.xx.xx/exchweb/bin/auth/owalogon.asp?reason=%22%3e%3cqss%3e&url=https://xx.xx.xx.xx/exchange

variants: 31

matched: onload()

{

<font face="Arial" size=2>

<p>Microsoft VBScript runtime </font> <font face="Arial" size=2>error '800a000d'</font>

<p>

<font face="Arial" size=2>Type mismatch: '[st


Question by:llarava

Accepted Solution

by:
e_aravind earned 2000 total points
ID: 36559101
From the social technet:
===============
>> Also I want to recommend you if there is no error after you run ExBPA, we can assume Exchange is in health state. We can just ignore the error.

From your Question:
=============

IMPACT:

A malicious user may be able to create a denial of service, serious error, or exploit depending on the error encountered by the web application.

SOLUTION:

The web application should restrict user-supplied to consist of a minimal set of characters necessary for the input field. Additionally, all content received from the client (i.e. web browser) should be validated to an expected format or checked for malicious content

>> So if needed, for IIS 6.0 you can use URLScan to control the content-length... but that needs a lot of additional overhead.


Normally we can ignore this... with the hope that IIS 6.0 will handle the DoS attack.
http://support.microsoft.com/kb/307608
http://technet.microsoft.com/en-us/security/cc242650
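
For triage of the finding discussed in this thread, the following is an added example (not part of the original question or answer, and not Microsoft's code): it reads IIS W3C logs and lists requests to owalogon.asp whose `reason` value is not purely numeric, together with the HTTP status returned. That legitimate `reason` values are digits only is an assumption; the log lines, host name and client addresses are constructed sample data.

```python
from urllib.parse import parse_qsl

# Path taken from the scanner result quoted in the question.
TARGET = "/exchweb/bin/auth/owalogon.asp"

# Constructed sample in IIS W3C extended log format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2011-09-16 10:00:01 192.0.2.10 GET /exchweb/bin/auth/owalogon.asp url=https://mail.example.test/exchange&reason=0 200
2011-09-16 10:00:05 198.51.100.7 GET /exchweb/bin/auth/owalogon.asp reason=%22%3e%3cqss%3e&url=https://mail.example.test/exchange 500
2011-09-16 10:00:09 192.0.2.11 GET /exchange/ - 401
2011-09-16 10:00:12 198.51.100.7 GET /exchweb/bin/auth/OWALogon.asp reason=abc 500
"""


def suspicious_logon_requests(log_text):
    """Return one dict per owalogon.asp request with a non-numeric `reason`."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # The column order is declared in the log and can change mid-file.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        # IIS paths are case-insensitive, so compare in lower case.
        if row.get("cs-uri-stem", "").lower() != TARGET:
            continue
        query = row.get("cs-uri-query", "-")
        if query == "-":
            continue
        # parse_qsl percent-decodes each value, so an encoded payload is
        # checked in its decoded form.
        for name, value in parse_qsl(query, keep_blank_values=True):
            # Assumption: a legitimate `reason` is ASCII digits only.
            if name.lower() == "reason" and not (value.isascii() and value.isdigit()):
                hits.append({
                    "time": row.get("date", "") + " " + row.get("time", ""),
                    "client": row.get("c-ip", ""),
                    "reason": value,
                    "status": row.get("sc-status", ""),
                })
    return hits


if __name__ == "__main__":
    for hit in suspicious_logon_requests(SAMPLE_LOG):
        print(hit)
```

A 500 status next to a flagged request matches the VBScript runtime error the scanner captured; comparing the client addresses with the scanner's source address shows whether anything other than the scan sent such requests.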