Full Disclosure mailing list archives
Blocks OWA Redirect Attempts
From: "Morning Wood" <se_cur_ity () hotmail com>
Date: Fri, 18 Mar 2005 10:34:16 -0800
since MS is lax about OWA patching, a kind admin sent me this Cisco Mgmt rule to prevent OWA redirect phishing. D.W ------------------------ / start / -------------------- <?xml version='1.0'?> <!DOCTYPE CSAMCEXPORT> <CSAMCEXPORT export_time="Thu Mar 10 13:15:40 Eastern Standard Time 2005" format_version="4.0"> <DATASET hidden="0" description="Blocks OWA Redirect Attempts" name="Outlook Web Access Redirect" id="5264" _toplevel="0"> <DATA_IN value="*/exchweb/bin/auth/owalogon.asp?url=*"/> <DATA_EX value="*/exchweb/bin/auth/owalogon.asp?url=https://mymail.com/exchange*"/> </DATASET> <RULE description="Deny OWA Exploits" user_msg="" tla="DACL" id="660" description_detail="" action="deny" log="log_low" priority="201" _toplevel="0" enabled="1"> <APPCLASS_REF ref_id="120"/> <DATASET_REF ref_id="5264"/> </RULE> <APPCLASS is_session_void="0" ostype="W" description="IIS Web Server executable file" name="IIS Web Server application" id="120" is_timeout="0" description_detail="" _toplevel="0" timeout="" process_group="0" apptype="S"> <USE_IN_PROD value="SW"/> <USE_IN_PROD value="SF"/> <FILE_LITERAL file="inetinfo.exe" dir="**"/> <FILE_LITERAL file="w3wp.exe" dir="**"/> </APPCLASS> <POLICY ostype="W" description="Protects OWA against URL Injection exploits" name="Custom OWA Module" id="74" description_detail="" _toplevel="1" mandatory="0"> <RULE_REF ref_id="660"/> </POLICY> </CSAMCEXPORT> ---------------------- / end / ---------------------- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://www.secunia.com/
Current thread:
- Blocks OWA Redirect Attempts Morning Wood (Mar 18)
- Re: Blocks OWA Redirect Attempts pingywon (Mar 18)