| ID |
CVE-2015-1764
|
| Summary |
The web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allow remote attackers to bypass the Same Origin Policy and send HTTP traffic to intranet servers via a crafted request, related to a Server-Side Request Forgery (SSRF) issue, aka "Exchange Server-Side Request Forgery Vulnerability." |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 4.3 (as of 12-10-2018 - 22:09) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
MEDIUM |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| NONE |
PARTIAL |
NONE |
|
| cvss-vector
via4
|
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
| msbulletin
via4
|
| bulletin_id | MS15-064 | | bulletin_url | | | date | 2015-06-09T00:00:00 | | impact | Elevation of Privilege | | knowledgebase_id | 3062157 | | knowledgebase_url | | | severity | Important | | title | Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege |
|
| refmap
via4
|
| bid | 75007 | | sectrack | 1032528 |
|
| Last major update |
12-10-2018 - 22:09 |
| Published |
10-06-2015 - 01:59 |
| Last modified |
12-10-2018 - 22:09 |
