← Back

CVE-2018-16793

nvd nist
Published: Sep 21, 2018Modified: Nov 21, 2024

JSON object

Loading...
8.6
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Exploitability: 3.9 / Impact: 4.0
Source: NVD

Description

Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page.

Affected (18)

Microsoft
1 product
Exchange Server
Configuration A
18 vulnerable
Vulnerable SoftwareAffected Versions
Microsoft
Exchange Server
Version 2010 sp3_rollup10
Exchange Server
Version 2010 sp3_rollup11
Exchange Server
Version 2010 sp3_rollup12
Exchange Server
Version 2010 sp3_rollup13
Exchange Server
Version 2010 sp3_rollup14
Exchange Server
Version 2010 sp3_rollup15
Exchange Server
Version 2010 sp3_rollup16
Exchange Server
Version 2010 sp3_rollup17
Exchange Server
Version 2010 sp3_rollup18
Exchange Server
Version 2010 sp3_rollup1
Exchange Server
Version 2010 sp3_rollup2
Exchange Server
Version 2010 sp3_rollup3
Exchange Server
Version 2010 sp3_rollup4
Exchange Server
Version 2010 sp3_rollup5
Exchange Server
Version 2010 sp3_rollup6
Exchange Server
Version 2010 sp3_rollup7
Exchange Server
Version 2010 sp3_rollup8
Exchange Server
Version 2010 sp3_rollup9

Related CWEs

CWE-918
Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (8)

Source: cve@mitre.org
ExploitThird Party AdvisoryVDB Entry
Source: cve@mitre.org
ExploitMailing ListThird Party Advisory
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
ExploitIssue TrackingMailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitMailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue TrackingMailing ListThird Party Advisory

Timeline

No history available yet.