VULHUB ™

Outlook Web Access is an optional component of Microsoft Exchange Server which runs in conjunction with Microsoft Internet Information Server. It provides access to a user's Exchange mailbox through a web interface. When processing client access requests, OWA Server does not place limits on folder depth. Remote attackers can exploit this to cause a denial of service by requesting access to complex folder structures (which need not exist). The CPU and memory consumed while processing these requests may result in a denial of service on the server.

Outlook Web Access is an optional component of Microsoft Exchange Server which runs in conjunction with Microsoft Internet Information Server. It provides access to a user's Exchange mailbox through a web interface. When processing client access requests, OWA Server does not place limits on folder depth. Remote attackers can exploit this to cause a denial of service by requesting access to complex folder structures (which need not exist). The CPU and memory consumed while processing these requests may result in a denial of service on the server.