Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. OWA error reporting responds with a HTTP error 500 in OwaSerializationException

OWA error reporting responds with a HTTP error 500 in OwaSerializationException

View products that this article applies to.

Symptoms

When a malformed JSONRequest is sent in the X-OWA-UrlPostData in an Exchange Server 2013 or Exchange Server 2016 environment, Outlook Web Access error reporting may respond with a HTTP error 500 in OwaSerializationException. Additionally when you use a tool such as Fiddler or Burp Suite Scanner, you can obtain a callstack that resembles the following:
{"Body":{"ErrorCode":500,"ExceptionName":"OwaSerializationException","FaultMessage":"Cannot deserialize object of type FindConversationJsonRequest","IsTransient":false,"StackTrace":"Microsoft.Exchange.Clients.Owa2.Server.Core.OwaSerializationException: Cannot deserialize object of type FindConversationJsonRequest ---> System.Runtime.Serialization.SerializationException: Element ':root' contains data from a type that maps to the name 'http:\/\/schemas.contoso.com\/2004\/07\/Exchaasdadnge:FindConversationJsonRequest'.

Note This issue could be a vulnerability for an authenticated remote attacker to access sensitive information.

↑ Back to the top

Cumulative update information

For Exchange Server 2013

To resolve this issue, install Cumulative Update 14 for Exchange Server 2013 or a later cumulative update for Exchange Server 2013.

For Exchange Server 2016

To resolve this issue, install Cumulative Update 3 for Exchange Server 2016 or a later cumulative update for Exchange Server 2016.

↑ Back to the top

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top

References

Learn about the terminology that Microsoft uses to describe software updates.

Third-party information disclaimer
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

↑ Back to the top

Keywords: kbqfe, kbsurveynew, kbnotautohotfix, kbfix, kbexpertiseinter, kb

↑ Back to the top

Article Info
Article ID : 3176540
Revision : 1
Created on : 1/7/2017
Published on : 9/20/2016
Exists online : False
Views : 311