KLA10658
Multiple vulnerabilities in Microsoft Exchange Server

Обновлено: 03/06/2020

Дата обнаружения	08/09/2015
Уровень угрозы	Warning
Описание	Multiple serious vulnerabilities have been found in Microsoft Exchange Server. Malicious users can exploit these vulnerabilities to spoof user interface or obtain sensitive information. Below is a complete list of vulnerabilities Improper web request handling at Outlook Web Access can be exploited remotely via a specially designed web application request to obtain sensitive information; Improper emails sanitization at Outlook Web Access can be exploited remotely via a specially designed email to spoof user interface.
Пораженные продукты	Exchange Server 2013 Cumulative Update 8 Exchange Server 2013 Cumulative Update 9 Exchange Server 2013 Service Pack 1
Решение	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Первичный источник обнаружения	CVE-2015-2544 CVE-2015-2505 CVE-2015-2543
Оказываемое влияние ?	OSI [?] SUI [?]
Связанные продукты	Microsoft Exchange Server
CVE-IDS	CVE-2015-25444.3Warning CVE-2015-25055.0Critical CVE-2015-25434.3Warning

KLA10658Multiple vulnerabilities in Microsoft Exchange Server