Vulnerabilities > CVE-2018-16793 - Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server 2010
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
HIGH Availability impact
NONE Summary
Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 18 |
Common Weakness Enumeration (CWE)
References
- http://packetstormsecurity.com/files/149411/Rollup-18-For-Microsoft-Exchange-Server-2010-SP3-Server-Side-Request-Forgery.html
- http://packetstormsecurity.com/files/149411/Rollup-18-For-Microsoft-Exchange-Server-2010-SP3-Server-Side-Request-Forgery.html
- http://seclists.org/fulldisclosure/2018/Sep/20
- http://seclists.org/fulldisclosure/2018/Sep/20
- http://www.securityfocus.com/bid/105386
- http://www.securityfocus.com/bid/105386
- https://seclists.org/bugtraq/2018/Sep/38
- https://seclists.org/bugtraq/2018/Sep/38