Test ID:	1.3.6.1.4.1.25623.1.0.806108
Category:	Windows : Microsoft Bulletins
Title:	Microsoft Exchange Server information Disclosure Vulnerability (3089250)
Summary:	This host is missing an important security; update according to Microsoft Bulletin MS15-103.
Description:	Summary: This host is missing an important security update according to Microsoft Bulletin MS15-103. Vulnerability Insight: Flaw is due to Microsoft Exchange web applications when Exchange does not properly manage same-origin policy. Vulnerability Impact: Successful exploitation will allow remote attackers to scan and attack systems behind a firewall that are normally inaccessible from the outside world, enumerate and attack services that are running on these host systems and exploit host-based authentication services. Affected Software/OS: - Microsoft Exchange Server 2013 SP1 - Microsoft Exchange Server 2013 Cumulative Update 9 and - Microsoft Exchange Server 2013 Cumulative Update 8 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-2505 Microsoft Security Bulletin: MS15-103 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-103 http://www.securitytracker.com/id/1033495 Common Vulnerability Exposure (CVE) ID: CVE-2015-2543 Common Vulnerability Exposure (CVE) ID: CVE-2015-2544
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.