Описание
Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- ExploitMailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- ExploitIssue TrackingMailing ListThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitMailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- ExploitIssue TrackingMailing ListThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:microsoft:exchange_server:2010:sp3_rollup1:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:2010:sp3_rollup10:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:2010:sp3_rollup11:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:2010:sp3_rollup12:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:2010:sp3_rollup13:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:2010:sp3_rollup14:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:2010:sp3_rollup15:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:2010:sp3_rollup16:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:2010:sp3_rollup17:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:2010:sp3_rollup18:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:2010:sp3_rollup2:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:2010:sp3_rollup3:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:2010:sp3_rollup4:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:2010:sp3_rollup5:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:2010:sp3_rollup6:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:2010:sp3_rollup7:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:2010:sp3_rollup8:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:2010:sp3_rollup9:*:*:*:*:*:*
EPSS
Процентиль: 78%
0.01115
Низкий
8.6 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-918
Связанные уязвимости
CVSS3: 8.6
github
больше 3 лет назад
Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page.
EPSS
Процентиль: 78%
0.01115
Низкий
8.6 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-918