Results 1 to 3 of 3

Thread: Fixing URL redirect exploit at /exchweb/bin/auth/owaauth.dll

  1. #1
    Join Date
    Jan 2005
    Posts
    49

    Fixing URL redirect exploit at /exchweb/bin/auth/owaauth.dll

    After migrating to SBS 2003 we are facing some issue with redirect exploit. The alert was trig erred only after migration. After scanning the same with McAfee ScanAlert the url direct exploit error appeared. The scan found some user specified url and according to me there was no recent changes in the server. This is simply annoying to find the threat. I am worried about the server setup because the same was working on different server from 2005 and the exploit might exist in that which is caught by MacAfee in the new server.

  2. #2
    Join Date
    Oct 2005
    Posts
    48
    I had gone through the same problem some couple of months ago. I was not able to find out where was the issue actually. I contacted Microsoft for the information but it looks that there is no much information available. The vulnerability does not has any technical solution. I am waiting for reply from microsoft and hope that there will be some good solution available that can guide me on the problem.

  3. #3
    Join Date
    Oct 2004
    Posts
    55
    Did you tested the same. Means what happen on redirection. You must test that and try to find out how does the threat actually entered on the system. If you are having a good antivirus then there is nothing to much worry about the same. It works fine and there are also not complicated procedure to avoid the threat. You can rely on the antivirus that you are using. I think it is more than enough. But it is a matter of risk that such vulnerability lies in your system.

Similar Threads

  1. Exchange, Exchweb and Public redirection
    By Jagruti23 in forum Technology & Internet
    Replies: 4
    Last Post: 10-08-2010, 01:19 PM
  2. FormMail cgi with SMTP Auth
    By Samara in forum Software Development
    Replies: 5
    Last Post: 18-06-2010, 04:23 AM
  3. Windows 2008 LDAP and auth-conf
    By Drewski in forum Active Directory
    Replies: 1
    Last Post: 24-02-2009, 10:42 PM
  4. 503 AUTH command used when not advertised
    By Penzoil in forum Networking & Security
    Replies: 4
    Last Post: 14-02-2009, 10:04 PM
  5. LDAP auth fails
    By lavarus@bigstring.com in forum Active Directory
    Replies: 8
    Last Post: 05-06-2007, 10:05 PM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Page generated in 1,711,696,624.95944 seconds with 17 queries