MS15-103: Vulnerabilities in Microsoft Exchange Server Could Allow Information Disclosure (3089250)

Medium Nessus Plugin ID 85883


The remote Microsoft Exchange server is affected by multiple information disclosure vulnerabilities.


The remote Microsoft Exchange server is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists Outlook Web Access (OWA) due to improper handling of web requests. An unauthenticated, remote attacker can exploit this, via a specially crafted web application request, to see the contents of a stacktrace.

- Multiple spoofing vulnerabilities exist in Outlook Web Access (OWA) due to improper sanitization of specially crafted email. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a malicious website, resulting in the disclosure of sensitive information. (CVE-2015-2543, CVE-2015-2544)


Microsoft has released a set of patches for Exchange 2013.

See Also

Plugin Details

Severity: Medium

ID: 85883

File Name: smb_nt_ms15-103.nasl

Version: $Revision: 1.8 $

Type: local

Agent: windows

Published: 2015/09/10

Modified: 2017/07/24

Dependencies: 57033, 77910

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Vulnerability Information

CPE: cpe:/a:microsoft:exchange_server

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2015/09/08

Vulnerability Publication Date: 2015/09/08

Reference Information

CVE: CVE-2015-2505, CVE-2015-2543, CVE-2015-2544

BID: 76595, 76596, 76598

OSVDB: 127209, 127210, 127211

MSFT: MS15-103

MSKB: 3087126