


Category:   Application (E-mail Server)  >   Microsoft Exchange
Vendors:   Microsoft
Microsoft Exchange Server OWA Validation Flaws Let Remote Users Spoof Content
SecurityTracker Alert ID:  1034647
SecurityTracker URL:
CVE Reference:   CVE-2016-0029, CVE-2016-0030, CVE-2016-0031, CVE-2016-0032
Date:  Jan 12 2016
Impact:   Disclosure of user information, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2013, 2016
Description:   Several vulnerabilities were reported in Microsoft Exchange Server. A remote user can spoof content.

Outlook Web Access (OWA) does not properly handle user-supplied web requests. A remote user can create a specially crafted link that, when loaded by the target user, will execute arbitrary scripting code, inject content, or redirect the target user to another web site.

Abdulrahman Alqabandi, Alexandru Coltuneac, and reported some of these vulnerabilities.

Impact:   A remote user can spoof content to obtain potentially sensitive information.
Solution:   The vendor has issued a fix.

Microsoft Exchange Server 2013 Service Pack 1:

Microsoft Exchange Server 2013 Cumulative Update 10:

Microsoft Exchange Server 2013 Cumulative Update 11:

Microsoft Exchange Server 2016:

The Microsoft advisory is available at:

Vendor URL:
Cause:   Input validation error
Underlying OS:  Windows (2008), Windows (2012), Windows (8)

Message History:   None.
