Microsoft Exchange Server 2013 CU 10/2013 SP1/2016 Outlook Web Access cross site scripting
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.8 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Microsoft Exchange Server 2013 CU 10/2013 SP1/2016. It has been rated as critical. This issue affects some unknown processing of the component Outlook Web Access. This manipulation causes cross site scripting. This vulnerability is tracked as CVE-2016-0030. The attack is possible to be carried out remotely. No exploit exists. To fix this issue, it is recommended to deploy a patch.
Details
A vulnerability classified as critical was found in Microsoft Exchange Server 2013 CU 10/2013 SP1/2016 (Groupware Software). Affected by this vulnerability is an unknown function of the component Outlook Web Access. The manipulation with an unknown input leads to a cross site scripting vulnerability. The CWE definition for the vulnerability is CWE-79. The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. As an impact it is known to affect confidentiality, and integrity. The summary by CVE is:
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability."
The weakness was disclosed 01/12/2016 by Alex as MS16-010 as confirmed bulletin (Technet). It is possible to read the advisory at technet.microsoft.com. This vulnerability is known as CVE-2016-0030 since 12/04/2015. The exploitation appears to be easy. The attack can be launched remotely. The exploitation doesn't need any form of authentication. It demands that the victim is doing some kind of user interaction. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1059.007 according to MITRE ATT&CK.
The vulnerability scanner Nessus provides a plugin with the ID 87895 (MS16-010: Security Update in Microsoft Exchange Server to Address Spoofing (3124557)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows : Microsoft Bulletins and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 53002 (Microsoft Exchange Server Address Spoofing Vulnerabilities (MS16-010)).
Applying the patch MS16-010 is able to eliminate this problem. The bugfix is ready for download at technet.microsoft.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Tenable (87895), SecurityFocus (BID 79890†), SecurityTracker (ID 1034647†) and Vulnerability Center (SBV-55642†). The entries VDB-80226, VDB-80228 and VDB-80229 are pretty similar. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.microsoft.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.1VulDB Meta Temp Score: 5.9
VulDB Base Score: 6.1
VulDB Temp Score: 5.8
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 6.1
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Cross site scriptingCWE: CWE-79 / CWE-94 / CWE-74
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 87895
Nessus Name: MS16-010: Security Update in Microsoft Exchange Server to Address Spoofing (3124557)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
OpenVAS ID: 800166
OpenVAS Name: Microsoft Exchange Server Address Spoofing Vulnerabilities (3124557)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Patch: MS16-010
Timeline
12/04/2015 🔍01/12/2016 🔍
01/12/2016 🔍
01/12/2016 🔍
01/12/2016 🔍
01/12/2016 🔍
01/13/2016 🔍
01/13/2016 🔍
01/13/2016 🔍
01/14/2016 🔍
06/21/2018 🔍
Sources
Vendor: microsoft.comAdvisory: MS16-010
Researcher: Alex
Status: Confirmed
CVE: CVE-2016-0030 (🔍)
GCVE (CVE): GCVE-0-2016-0030
GCVE (VulDB): GCVE-100-80227
SecurityFocus: 79890 - Microsoft Exchange Server CVE-2016-0030 Spoofing Vulnerability
SecurityTracker: 1034647
Vulnerability Center: 55642 - [MS16-010] Microsoft Exchange Server 2016 and 2013 Remote XSS and Spoofing Vulnerability - CVE-2016-0030, Medium
See also: 🔍
Entry
Created: 01/14/2016 10:44Updated: 06/21/2018 08:57
Changes: 01/14/2016 10:44 (72), 06/21/2018 08:57 (20)
Complete: 🔍
Cache ID: 216::103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.