CVE-2017-11932

Опубликовано: 12 дек. 2017

Источник: nvd

CVSS3: 8.1

CVSS2: 5.8

EPSS Средний

Описание

Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka "Microsoft Exchange Spoofing Vulnerability".

Ссылки

http://www.securityfocus.com/bid/102060
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039996
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11932
Patch
Vendor Advisory
http://www.securityfocus.com/bid/102060
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039996
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11932
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_6:*:*:*:*:*:*

cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_7:*:*:*:*:*:*

EPSS

Процентиль: 93%

0.11456

Средний

8.1 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2017-11932

msrc

больше 7 лет назад

Microsoft Exchange Spoofing Vulnerability

GHSA-fg2h-gf84-hw5h