Oval Definition:	oval:org.mitre.oval:def:28291
Revision Date: 2015-01-26 Version: 5 Title: OWA XSS vulnerability (CVE-2014-6325) - MS14-075 Description: Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability," a different vulnerability than CVE-2014-6326. Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2014-6325 Platform(s): Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Product(s): Microsoft Exchange Server 2013 Definition Synopsis Exchange Server 2013 and vulnerable file version Microsoft Exchange Server 2013 is installed AND Check if the version of ExSetup.exe is less than 15.00.0847.035 OR Exchange 2013 CU 6 and vulnerable file version Check if the version of ExSetup.exe is less than 15.00.0995.034 AND Microsoft Exchange Server 2013 Cumulative Update 6 is installed
BACK