This script is Copyright (C) 2017 Tenable Network Security, Inc.
The remote Microsoft Exchange Server is affected by multiple
The remote Microsoft Exchange Server is missing a security update. It
is, therefore, affected by multiple vulnerabilities :
- Multiple cross-site scripting (XSS) vulnerabilities
exist in Microsoft Exchange Outlook Web Access (OWA)
due to improper validation of user-supplied input in web
requests. An unauthenticated, remote attacker can
exploit these, via a specially crafted link, to execute
arbitrary script code in a user's browser session.
- A cross-site redirection vulnerability exists due to
improper validation of user-supplied input before
returning it to users. An unauthenticated, remote
attacker can exploit this, by convincing a user to
follow a link, to cause the user to load a malicious
website, which then can be used to conduct further
See also :
Microsoft has released a set of patches for Exchange Server 2010,
2013, and 2016.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true