Detections
Analytics

MS15-103: Vulnerabilities in Microsoft Exchange Server Could Allow Information Disclosure (3089250)

medium Nessus Plugin ID 85883

Language:

Synopsis

The remote Microsoft Exchange server is affected by multiple information disclosure vulnerabilities.

Description

The remote Microsoft Exchange server is missing a security update. It is, therefore, affected by multiple vulnerabilities :

 - An information disclosure vulnerability exists Outlook Web Access (OWA) due to improper handling of web requests. An unauthenticated, remote attacker can exploit this, via a specially crafted web application request, to see the contents of a stacktrace.
 (CVE-2015-2505)

 - Multiple spoofing vulnerabilities exist in Outlook Web Access (OWA) due to improper sanitization of specially crafted email. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a malicious website, resulting in the disclosure of sensitive information. (CVE-2015-2543, CVE-2015-2544)

Solution

Microsoft has released a set of patches for Exchange 2013.

See Also

http://www.nessus.org/u?de71da53

Plugin Details

Severity: Medium

ID: 85883

File Name: smb_nt_ms15-103.nasl

Version: 1.11

Type: local

Agent: windows

Published: 9/10/2015

Updated: 4/20/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2015-2505

Vulnerability Information

CPE: cpe:/a:microsoft:exchange_server

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 9/8/2015

Vulnerability Publication Date: 9/8/2015

Reference Information

CVE: CVE-2015-2505, CVE-2015-2543, CVE-2015-2544

BID: 76595, 76596, 76598

MSFT: MS15-103

MSKB: 3087126