Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Microsoft Exchange Server
Опубликовано:16 декабря 2013 г.
Источник:
SecurityVulns ID:13455
Тип:удаленная
Уровень опасности:
9/10
Описание:Выполнение кода в machine authentication check, меэсайтовый скриптинг, уязвимости в компонентах Oracle.
Затронутые продукты:MICROSOFT : Exchange 2007
 MICROSOFT : Exchange 2010
 MICROSOFT : Exchange 2013
CVE:CVE-2013-5791 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. NOTE: the previous information is from the October 2013 CPU. Oracle has not commented on claims from a third party that the issue is a stack-based buffer overflow in the Microsoft Access 1.x parser in vsacs.dll before 8.4.0.108 and before 8.4.1.52, which allows attackers to execute arbitrary code via a long field (aka column) name.)
 CVE-2013-5763 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Maintenance. NOTE: the original disclosure of this issue erroneously mapped it to CVE-2013-3624.)
 CVE-2013-5072 (Cross-site scripting (XSS) vulnerability in Outlook Web Access in Microsoft Exchange Server 2010 SP2 and SP3 and 2013 Cumulative Update 2 and 3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability.")
 CVE-2013-1330 (The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Office Web Apps 2010 does not set the EnableViewStateMac attribute, which allows remote attackers to execute arbitrary code by leveraging an unassigned workflow, aka "MAC Disabled Vulnerability.")

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород