This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2016-01-13
Product Exchange Server Last view 2019-07-15
Version 2016 Type Application
Update -  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:microsoft:exchange_server

Activity : Overall

Related : CVE

  Date Alert Description
5.4 2019-07-15 CVE-2019-1137

A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'.

7.4 2018-11-13 CVE-2018-8581

An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.

8.8 2018-04-04 CVE-2018-0986

A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability." This affects Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Microsoft Exchange Server, Microsoft System Center, Microsoft Forefront Endpoint Protection.

6.1 2017-09-12 CVE-2017-8758

Microsoft Exchange Server 2016 allows an elevation of privilege vulnerability when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability."

6.1 2016-01-13 CVE-2016-0032

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, 2013 Cumulative Update 11, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability."

6.1 2016-01-13 CVE-2016-0031

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability," a different vulnerability than CVE-2016-0029.

6.1 2016-01-13 CVE-2016-0030

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability."

6.1 2016-01-13 CVE-2016-0029

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability," a different vulnerability than CVE-2016-0031.

CWE : Common Weakness Enumeration

%idName
85% (6) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
14% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

Snort® IPS/IDS

Date Description
2019-11-21 Microsoft Exchange Server PushSubscriptionRequest setup attempt
RuleID : 51966 - Type : POLICY-OTHER - Revision : 1
2019-03-12 NTLM authentication relay attempt
RuleID : 49171 - Type : OS-WINDOWS - Revision : 1
2019-03-09 Microsoft Exchange Server NTLM relay attack attempt
RuleID : 49100 - Type : SERVER-OTHER - Revision : 2
2018-05-08 Microsoft Windows Defender malformed RAR memory corruption attempt
RuleID : 46164 - Type : FILE-OTHER - Revision : 1
2018-05-08 Microsoft Windows Defender malformed RAR memory corruption attempt
RuleID : 46163 - Type : FILE-OTHER - Revision : 1

Nessus® Vulnerability Scanner

id Description
2018-04-04 Name: An antimalware application installed on the remote host is affected by a remo...
File: microsoft_mpeng_1_1_14700_5.nasl - Type: ACT_GATHER_INFO
2017-09-12 Name: The Microsoft Exchange Server installed on the remote host is affected by mul...
File: smb_nt_ms17_sep_exchange.nasl - Type: ACT_GATHER_INFO
2016-01-13 Name: The remote Microsoft Exchange server is affected by multiple spoofing vulnera...
File: smb_nt_ms16-010.nasl - Type: ACT_GATHER_INFO