Spoofing attack in Microsoft Exchange OWA
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2017-11932 |
| CWE-ID | CWE-451 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Microsoft Exchange Server Server applications / Mail servers |
| Vendor | Microsoft |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Spoofing attack
EUVDB-ID: #VU9641
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-11932
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to error in Outlook Web Access (OWA) in Microsoft Exchange Server when parsing HTTP requests. A remote attacker can perform script or content injection attacks, and attempt to trick the user into disclosing sensitive information.
Additionally Microsoft has released an update for Microsoft Exchange that provides enhanced security as a defense-in-depth measure.
Install updates from vendor's website.
Vulnerable software versionsMicrosoft Exchange Server: 2016 Cumulative Update 6 15.01.1034.026 - 2016 Cumulative Update 7 15.01.1261.035
CPE2.3 External linkshttp://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11932
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170023
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
