| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS15-103 | Vulnerabilities in Microsoft Exchange Server Could Allow Information Disclosure (3089250) | Microsoft Exchange | Important | 09-09-2015 |
Technical Information
Brief overview of the risk:
This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow information disclosure if Outlook Web Access (OWA) fails to properly handle web requests, and sanitize user input and email content.
Detailed Information on the risk:
An information disclosure vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited the vulnerability could discover stacktrace details.
To exploit the vulnerability, an attacker would have to create a specially crafted web application request and then submit it to a web application. The security update addresses the vulnerability by correcting how Microsoft Exchange OWA handles web requests.
Microsoft Exchange Server 2013 Cumulative Update 8 To exploit the vulnerability, an attacker would have to create a specially crafted web application request and then submit it to a web application. The security update addresses the vulnerability by correcting how Microsoft Exchange OWA handles web requests.
Further information on this exploit is available at : MS15-103
Microsoft Exchange Server 2013 Cumulative Update 9
Microsoft Exchange Server 2013 Service Pack 1
Affected Software
Microsoft Exchange Server 2013 Cumulative Update 8Microsoft Exchange Server 2013 Cumulative Update 9
Microsoft Exchange Server 2013 Service Pack 1