CVE-2016-0028

Outlook Web Access (OWA) in Microsoft Exchange Server 2013 SP1, Cumulative Update 11, and Cumulative Update 12 and 2016 Gold and Cumulative Update 1 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, aka "Microsoft Exchange Information Disclosure Vulnerability."
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:microsoft:exchange_server:2016:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_11:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_12:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:2013:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_1:*:*:*:*:*:*
cpe:2.3:a:microsoft:outlook_web_access:*:*:*:*:*:*:*:*

Information

Published : 2016-06-15 18:59

Updated : 2018-10-12 15:10


NVD link : CVE-2016-0028

Mitre link : CVE-2016-0028


JSON object : View

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

dedicated server usa

Products Affected

microsoft

  • outlook_web_access
  • exchange_server