ID CVE-2015-1764
Summary The web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allow remote attackers to bypass the Same Origin Policy and send HTTP traffic to intranet servers via a crafted request, related to a Server-Side Request Forgery (SSRF) issue, aka "Exchange Server-Side Request Forgery Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_8:*:*:*:*:*:*
    cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_8:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:exchange_server:2013:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:exchange_server:2013:sp1:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 12-10-2018 - 22:09)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
msbulletin via4
bulletin_id MS15-064
bulletin_url
date 2015-06-09T00:00:00
impact Elevation of Privilege
knowledgebase_id 3062157
knowledgebase_url
severity Important
title Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege
refmap via4
bid 75007
sectrack 1032528
Last major update 12-10-2018 - 22:09
Published 10-06-2015 - 01:59
Last modified 12-10-2018 - 22:09
Back to Top