Oval Definition:	oval:org.mitre.oval:def:27900
Revision Date: 2015-04-27 Version: 3 Title: Exchange error message cross site scripting vulnerability - CVE-2015-1632 (MS15-026) Description: Cross-site scripting (XSS) vulnerability in errorfe.aspx in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via the msgParam parameter in an authError action, aka "Exchange Error Message Cross Site Scripting Vulnerability." Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2015-1632 Platform(s): Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Product(s): Microsoft Exchange Server 2013 Definition Synopsis Exchange Server 2013 and vulnerable file version Microsoft Exchange Server 2013 is installed AND Check if the version of Exsetup.exe is less than 15.0.847.38 OR Exchange Server 2013 CU7 and vulnerable file version Microsoft Exchange Server 2013 Cumulative Update 7 is installed AND Check if the version of Exsetup.exe is less than 15.0.1044.29
BACK