MS KB2401593: Microsoft Outlook Web Access (OWA) CSRF
Medium Nessus Plugin ID 49274
SynopsisThe remote web server is affected by a cross-site request forgery issue.
DescriptionThe remote host is running a version of Outlook Web Access (OWA) for Exchange Server that is affected by a cross-site request forgery vulnerability. By tricking an authenticated user to click on a link to a specially crafted web page, it may be possible for an attacker to perform unauthorized actions on behalf of the authenticated user.
SolutionUpgrade to either Microsoft Exchange Server 2007 Service Pack 3 / Exchange Server 2010 or later.