Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1628

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2015-1628
Last Modified 11 Sep 2015 11:52:59
Published 11 Mar 2015 06:59:31
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2015-1628

Summary

Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted X-OWA-Canary cookie in an AD.RecipientType.User action, aka "OWA Modified Canary Parameter Cross Site Scripting Vulnerability."

Vulnerable Systems

Application

  • Microsoft Exchange Server 2013


References

MS - MS15-026

SECTRACK - 1031900

Related Patches

MS15-026 Security Update For Exchange Server 2013 SP1 (KB3040856)

MS15-026 Security Update For Exchange Server 2013 CU7 (KB3040856)


Last Updated: 27 May 2016 11:08:04