MS15-103: Vulnerabilities in Microsoft Exchange Server Could Allow Information Disclosure (3089250)

medium Nessus Plugin ID 85883


The remote Microsoft Exchange server is affected by multiple information disclosure vulnerabilities.


The remote Microsoft Exchange server is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists Outlook Web Access (OWA) due to improper handling of web requests. An unauthenticated, remote attacker can exploit this, via a specially crafted web application request, to see the contents of a stacktrace.

- Multiple spoofing vulnerabilities exist in Outlook Web Access (OWA) due to improper sanitization of specially crafted email. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a malicious website, resulting in the disclosure of sensitive information. (CVE-2015-2543, CVE-2015-2544)


Microsoft has released a set of patches for Exchange 2013.

See Also

Plugin Details

Severity: Medium

ID: 85883

File Name: smb_nt_ms15-103.nasl

Version: 1.11

Type: local

Agent: windows

Published: 9/10/2015

Updated: 4/20/2021

Risk Information


Risk Factor: Low

Score: 3.4


Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: E:U/RL:OF/RC:C

CVSS Score Source: CVE-2015-2505

Vulnerability Information

CPE: cpe:/a:microsoft:exchange_server

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 9/8/2015

Vulnerability Publication Date: 9/8/2015

Reference Information

CVE: CVE-2015-2505, CVE-2015-2543, CVE-2015-2544

BID: 76595, 76596, 76598

MSFT: MS15-103

MSKB: 3087126