PT-2015-2029 · Microsoft · Exchange Server

Published: 2015-09-08 · Updated: 2018-10-12 · CVE-2015-2505

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Microsoft Exchange Server versions 2013 Cumulative Update 8 through 2013 Cumulative Update 9 and 2013 SP1

Description

The issue is related to the lack of protection for service data in the Outlook Web Access component of Microsoft Exchange Server. A remote attacker can exploit it by sending a specially crafted web application request to gain access to protected information. The information exposed is sensitive stack trace data, which could include details about the system's internal workings.

Recommendations

For Microsoft Exchange Server 2013 Cumulative Update 8, 2013 Cumulative Update 9, and 2013 SP1, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Outlook Web Access component until a patch is available.

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

BDU:2015-11375
CVE-2015-2505

Affected Products

Exchange Server