CVE-2008-1547

NUCLEI

Microsoft Outlook Web Access <6.5.7638 - Open Redirect

Title source: llm

Description

Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Martin Suess · textremotewindows

https://www.exploit-db.com/exploits/32489

View Code ZIP pw:eip

Nuclei Templates (1)

Microsoft OWA Exchange Server 2003 - 'redir.asp' Open Redirection

MEDIUMby ctflearner

Shodan:

http.title:"Outlook" || http.favicon.hash:1768726119 || http.title:"outlook" || cpe:"cpe:2.3:a:microsoft:exchange_server"

FOFA: title="outlook" || icon_hash=1768726119

References (8)

[Third Party Advisory] http://securityreason.com/securityalert/4441

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/497374/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/497390/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/497433/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/497500/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/497534/100/0/threaded

[Exploit, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/31765

[VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/46061

Scores

EPSS 0.6311

EPSS Percentile 98.4%

Details

CWE

CWE-601

Status published

Products (1)

microsoft/exchange_server 2003 sp2

Published Oct 21, 2008

Tracked Since Feb 18, 2026