CVE Vulnerabilities

CVE-2015-1764

Published: Jun 10, 2015 | Modified: Oct 12, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

The web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allow remote attackers to bypass the Same Origin Policy and send HTTP traffic to intranet servers via a crafted request, related to a Server-Side Request Forgery (SSRF) issue, aka Exchange Server-Side Request Forgery Vulnerability.

Affected Software

Name Vendor Start Version End Version
Exchange_server Microsoft 2013 2013
Exchange_server Microsoft 2013 2013

References