CVE-2005-0420

Microsoft Exchange Server - Open Redirect

Title source: rule

Description

Microsoft Outlook Web Access (OWA), when used with Exchange, allows remote attackers to redirect users to arbitrary URLs for login via a link to the owalogon.asp application.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Morning Wood · textwebappsasp

https://www.exploit-db.com/exploits/25084

View Code ZIP pw:eip

References (5)

[Mailing List, Third Party Advisory] http://seclists.org/lists/fulldisclosure/2005/Feb/0106.html

[Exploit, Third Party Advisory] http://secunia.com/advisories/14144

[Exploit, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/12459

[Permissions Required] http://www.vupen.com/english/advisories/2005/0105

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/19225

Scores

EPSS 0.7471

EPSS Percentile 98.9%

Details

CWE

CWE-601

Status published

Products (1)

microsoft/exchange_server 2003 (2 CPE variants)

Published Apr 27, 2005

Tracked Since Feb 18, 2026