SecurityTracker.com
Category:   Application (E-mail Server)  >   Microsoft Exchange
Vendors:   Microsoft
Microsoft Exchange Server OWA Validation Flaws Let Remote Users Spoof Content
SecurityTracker Alert ID:  1034647
SecurityTracker URL:  http://securitytracker.com/id/1034647
CVE Reference:   CVE-2016-0029, CVE-2016-0030, CVE-2016-0031, CVE-2016-0032
Date:  Jan 12 2016
Impact:   Disclosure of user information, Modification of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 2013, 2016
Description:   Several vulnerabilities were reported in Microsoft Exchange Server. A remote user can spoof content.

Outlook Web Access (OWA) does not properly handle user-supplied web requests. A remote user can create a specially crafted link that, when loaded by the target user, will execute arbitrary scripting code, inject content, or redirect the target user to another web site.

Abdulrahman Alqabandi, Alexandru Coltuneac, and israelg@bugsec.com reported some of these vulnerabilities.

Impact:   A remote user can spoof content to obtain potentially sensitive information.
Solution:   The vendor has issued a fix.

Microsoft Exchange Server 2013 Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=a3f4b22e-8e5e-4f0e-a3df-91d4f4ceb9ab

Microsoft Exchange Server 2013 Cumulative Update 10:

https://www.microsoft.com/downloads/details.aspx?familyid=607c1940-361a-46ea-81d4-70fc26d673d1

Microsoft Exchange Server 2013 Cumulative Update 11:

https://www.microsoft.com/downloads/details.aspx?familyid=53d2ea1c-6a7d-4003-9074-968dc6ca4f1c

Microsoft Exchange Server 2016:

https://www.microsoft.com/downloads/details.aspx?familyid=aa5c6ec3-bdce-4ccf-95c6-ac210ccc876e

The Microsoft advisory is available at:

https://technet.microsoft.com/library/security/ms16-010

Vendor URL:  technet.microsoft.com/library/security/ms16-010
Cause:   Input validation error
Underlying OS:  Windows (2008), Windows (2012), Windows (8)

Message History:   None.

