Oval Definition:	oval:org.mitre.oval:def:28748
Revision Date: 2015-04-27 Version: 3 Title: ExchangeDLP cross site scripting vulnerability - CVE-2015-1629 (MS15-026) Description: Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "ExchangeDLP Cross Site Scripting Vulnerability." Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2015-1629 Platform(s): Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Product(s): Microsoft Exchange Server 2013 Definition Synopsis Exchange Server 2013 and vulnerable file version Microsoft Exchange Server 2013 is installed AND Check if the version of Exsetup.exe is less than 15.0.847.38 OR Exchange Server 2013 CU7 and vulnerable file version Microsoft Exchange Server 2013 Cumulative Update 7 is installed AND Check if the version of Exsetup.exe is less than 15.0.1044.29
BACK