Test ID:	1.3.6.1.4.1.25623.1.0.805115
Category:	Windows : Microsoft Bulletins
Title:	Microsoft Exchange Server Multiple Vulnerabilities (3009712)
Summary:	This host is missing an important security; update according to Microsoft Bulletin MS14-075.
Description:	Summary: This host is missing an important security update according to Microsoft Bulletin MS14-075. Vulnerability Insight: Multiple flaws are due to: - An error when validating a request token. - Certain unspecified input is not properly sanitised before being returned to the user. - Certain input related to redirection tokens is not properly verified before being used to redirect users. Vulnerability Impact: Successful exploitation will allow remote attackers to conduct spoofing and cross-site scripting attacks. Affected Software/OS: - Microsoft Exchange Server 2007 Service Pack 3 and prior - Microsoft Exchange Server 2010 Service Pack 3 and prior - Microsoft Exchange Server 2013 Service Pack 1 and prior - Microsoft Exchange Server 2013 Cumulative Update 6 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-6319 Microsoft Security Bulletin: MS14-075 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-075 Common Vulnerability Exposure (CVE) ID: CVE-2014-6325 Common Vulnerability Exposure (CVE) ID: CVE-2014-6326 Common Vulnerability Exposure (CVE) ID: CVE-2014-6336
Copyright	Copyright (C) 2014 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.