Microsoft Exchange Server Outlook Web Access Cross Site Request Forgery Vulnerability

Microsoft Exchange Server Outlook Web Access is prone to a cross-site request-forgery vulnerability.

Exploiting this issue may allow a remote attacker to perform certain actions in the context of an authorized user's session and gain unauthorized access to the affected application; other attacks are also possible.

Microsoft Exchange Server 2007 versions prior to Service Pack 3 are reported to be vulnerable.


Desde Vulnerability Team exortamos a los usuarios y administradores revisar las notificaciones y aplicar las actualizaciones necesarias, para ayudar a mitigar los riesgos.

fuente: securityfocus.com 

0 comentarios: