This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.
The remote mail server is affected by multiple vulnerabilities.
The version of Microsoft Exchange installed on the remote host is
affected by multiple vulnerabilities :
- A token spoofing vulnerability exists due to Microsoft
Outlook Web App (OWA) not properly validating request
tokens. A remote attacker can exploit this vulnerability
by convincing a user to visit a website with specially
crafted content, allowing the attacker to send email
that appears to come from a user other than the
- Multiple cross-site scripting vulnerabilities exist due
to Microsoft Exchange not properly validating input. A
remote attacker can exploit these vulnerabilities by
convincing a user to click a specially crafted URL to
the targeted Outlook Web App site. (CVE-2014-6325,
- A spoofing vulnerability exists due to Microsoft
Outlook Web App (OWA) not properly validating
redirection tokens. An attacker can exploit this
vulnerability to redirect a user to an arbitrary domain
from a link that appears to originate from the user's
domain. An attacker can also exploit this vulnerability
to send email that appears to come from a user other
than the attacker. (CVE-2014-6336).
See also :
Microsoft has released a set of patches for Exchange 2007 SP3, 2010
SP3, and 2013 SP1 / CU6.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : false
Family: Windows : Microsoft Bulletins
Nessus Plugin ID: 79827 ()
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now