This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.
The remote Microsoft Exchange server is affected by multiple
information disclosure vulnerabilities.
The remote Microsoft Exchange server is missing a security update. It
is, therefore, affected by multiple vulnerabilities :
- An information disclosure vulnerability exists Outlook
Web Access (OWA) due to improper handling of web
requests. An unauthenticated, remote attacker can
exploit this, via a specially crafted web application
request, to see the contents of a stacktrace.
- Multiple spoofing vulnerabilities exist in Outlook Web
Access (OWA) due to improper sanitization of specially
crafted email. An unauthenticated, remote attacker can
exploit these vulnerabilities by convincing a user to
visit a malicious website, resulting in the disclosure
of sensitive information. (CVE-2015-2543, CVE-2015-2544)
See also :
Microsoft has released a set of patches for Exchange 2013.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true