PT-2014-7152 · Microsoft · Exchange Server+1

Published

2014-12-09

Updated

2018-10-12

CVE-2014-6319

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Microsoft Exchange Server versions 2007 SP3 through 2013 SP1 and Cumulative Update 6

Description A token spoofing issue exists due to the improper validation of tokens in requests by the Outlook Web App (OWA) in Microsoft Exchange Server. This allows remote attackers to spoof the origin of email messages, potentially sending emails that appear to come from a trusted source rather than the actual sender.

Recommendations For Microsoft Exchange Server 2007 SP3, update to a version that includes the fix for this issue. For Microsoft Exchange Server 2010 SP3, update to a version that includes the fix for this issue. For Microsoft Exchange Server 2013 SP1 and Cumulative Update 6, update to a version that includes the fix for this issue.

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

CVE-2014-6319

Affected Products

Exchange Server

Outlook Web App

PT-2014-7152 · Microsoft · Exchange Server+1

CVE-2014-6319

Weakness Enumeration

Related Identifiers

Affected Products

References · 5