MS15-103: Vulnerabilities in Microsoft Exchange Server Could Allow Information Disclosure (3089250)
Medium Nessus Plugin ID 85883
SynopsisThe remote Microsoft Exchange server is affected by multiple information disclosure vulnerabilities.
DescriptionThe remote Microsoft Exchange server is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- An information disclosure vulnerability exists Outlook Web Access (OWA) due to improper handling of web requests. An unauthenticated, remote attacker can exploit this, via a specially crafted web application request, to see the contents of a stacktrace.
- Multiple spoofing vulnerabilities exist in Outlook Web Access (OWA) due to improper sanitization of specially crafted email. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a malicious website, resulting in the disclosure of sensitive information. (CVE-2015-2543, CVE-2015-2544)
SolutionMicrosoft has released a set of patches for Exchange 2013.