Test Kennung:	1.3.6.1.4.1.25623.1.0.805146
Kategorie:	Windows : Microsoft Bulletins
Titel:	Microsoft Exchange Server Privilege Escalation Vulnerability (3040856)
Zusammenfassung:	This host is missing an important security; update according to Microsoft Bulletin MS15-026.
Beschreibung:	Summary: This host is missing an important security update according to Microsoft Bulletin MS15-026. Vulnerability Insight: Multiple flaws are due to an improper validation of user supplied input before returning it to users, - /owa/ script to the 'X-OWA-Canary' cookie value, when 'ae' is set to 'Item' and 't' is set to 'AD.RecipientType.User'. - errorfe.aspx script to the 'msgParam' parameter. - when handling server audit reports and other inputs. Vulnerability Impact: Successful exploitation will allow remote attacker execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. Affected Software/OS: - Microsoft Exchange Server 2013 Service Pack 1 - Microsoft Exchange Server 2013 Cumulative Update 7 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2015-1628 Microsoft Security Bulletin: MS15-026 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-026 http://www.securitytracker.com/id/1031900 Common Vulnerability Exposure (CVE) ID: CVE-2015-1629 Common Vulnerability Exposure (CVE) ID: CVE-2015-1630 Common Vulnerability Exposure (CVE) ID: CVE-2015-1631 Common Vulnerability Exposure (CVE) ID: CVE-2015-1632
Copyright	Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.