PT-2015-2774 · Microsoft · Exchange Server Cumulative Update 8 +2

Published: 2015-06-09 · Updated: 2018-10-12 · CVE-2015-1764

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Microsoft Exchange Server 2013 SP1
Microsoft Exchange Server Cumulative Update 8

Description

The issue is a Server-Side Request Forgery (SSRF) vulnerability: remote attackers can bypass the Same Origin Policy and send HTTP traffic to intranet servers via a crafted request. This could allow an attacker to scan and attack systems behind a firewall, enumerate and attack services running on host systems, and exploit host-based authentication services.

Recommendations

For Microsoft Exchange Server 2013 SP1, update to a version that includes the fix for this issue. For Microsoft Exchange Server Cumulative Update 8, apply the necessary patches or updates to resolve the Server-Side Request Forgery (SSRF) vulnerability. As a temporary workaround, consider restricting access to the vulnerable web applications until a patch is available.

Fix

Weakness Enumeration

Related Identifiers

BDU:2015-12139
CVE-2015-1764

Affected Products

Exchange Server
Exchange Server 2013 SP1
Exchange Server Cumulative Update 8