Oval Definition:	oval:org.mitre.oval:def:28811
Revision Date: 2015-04-27 Version: 3 Title: OWA modified canary parameter cross site scripting vulnerability - CVE-2015-1628 (MS15-026) Description: Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted X-OWA-Canary cookie in an AD.RecipientType.User action, aka "OWA Modified Canary Parameter Cross Site Scripting Vulnerability." Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2015-1628 Platform(s): Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Product(s): Microsoft Exchange Server 2013 Definition Synopsis Exchange Server 2013 and vulnerable file version Microsoft Exchange Server 2013 is installed AND Check if the version of Exsetup.exe is less than 15.0.847.38 OR Exchange Server 2013 CU7 and vulnerable file version Microsoft Exchange Server 2013 Cumulative Update 7 is installed AND Check if the version of Exsetup.exe is less than 15.0.1044.29
BACK