Oval Definition:	oval:org.mitre.oval:def:28425
Revision Date: 2015-01-26 Version: 5 Title: Outlook Web App token spoofing vulnerability (CVE-2014-6319) - MS14-075 Description: Outlook Web App (OWA) in Microsoft Exchange Server 2007 SP3, 2010 SP3, and 2013 SP1 and Cumulative Update 6 does not properly validate tokens in requests, which allows remote attackers to spoof the origin of e-mail messages via unspecified vectors, aka "Outlook Web App Token Spoofing Vulnerability." Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2014-6319 Platform(s): Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Product(s): Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft Exchange Server 2013 Definition Synopsis Exchange Server 2007 and vulnerable file version Microsoft Exchange Server 2007 (no Service Pack) is installed AND Check if the version of exsetup.exe is less than 8.03.0389.002 OR Exchange Server 2010 and vulnerable file version Microsoft Exchange Server 2010 is installed AND Check if the version of ExSetup.exe is less than 14.03.0224.001 OR Exchange Server 2013 and vulnerable file version Microsoft Exchange Server 2013 is installed AND Check if the version of ExSetup.exe is less than 15.00.0847.035 OR Exchange 2013 CU 6 and vulnerable file version Check if the version of ExSetup.exe is less than 15.00.0995.034 AND Microsoft Exchange Server 2013 Cumulative Update 6 is installed
BACK