CVE-2015-2505
published 2015-09-09CVE-2015-2505: Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 and SP1 allows remote attackers to obtain sensitive stacktrace information…
PriorityP431medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
18.24%
96.9th percentile
Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 and SP1 allows remote attackers to obtain sensitive stacktrace information via a crafted request, aka "Exchange Information Disclosure Vulnerability."
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | exchange_server | — | — |
| mozilla | firefox | >= 0 < 36.0.1+build2-0ubuntu0.14.04.1 | 36.0.1+build2-0ubuntu0.14.04.1 |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-5883-7989-7q8m: Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 and SP1 allows remote attackers to obtain sensitive stacktrace in
ghsa_unreviewed·2022-05-14
CVE-2015-2505 [MEDIUM] CWE-200 GHSA-5883-7989-7q8m: Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 and SP1 allows remote attackers to obtain sensitive stacktrace in
Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 and SP1 allows remote attackers to obtain sensitive stacktrace information via a crafted request, aka "Exchange Information Disclosure Vulnerability."
OSV
firefox regression
osv·2015-03-09·CVSS 4.3
firefox regression
firefox regression
USN-2505-1 fixed vulnerabilities in Firefox. This update removed the
deprecated "-remote" command-line switch that some older software still
depends on. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Matthew Noorenberghe discovered that allowlisted Mozilla domains could
make UITour API calls from background tabs. If one of these domains were
compromised and open in a background tab, an attacker could potentially
exploit this to conduct clickjacking attacks. (CVE-2015-0819)
Jan de Mooij discovered an issue that affects content using the Caja
Compiler. If web content loads specially crafted code, this could be used
to bypass sandboxing security measures provided by Caja. (CVE-2015-0820)
Armin Razmdjou discovered that ope
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday - September 2015
blogs_talos·2015-09-08·CVSS 9.3
[CRITICAL] Microsoft Patch Tuesday - September 2015
Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release sees a total of 12 bulletins released which address 55 CVEs. Five bulletins are rated "Critical" this month and address vulnerabilities in Edge, Graphics Component, Internet Explorer, Journal, and Office. The other seven bulletins are rated "Important" and address vulnerabilities in the .NET Framework, Active Directory, Exchange, Hyper-V, Media Center, Skype for Business, and Task Management.
## Bulletins Rated CriticalMS15-094, MS15-095, MS15-097, MS-098, and MS15-099 are rated "Critical".
MS15-094 is this month's Internet Explorer security bulletin. Seventeen CVEs are addressed this month which affected Internet Explorer versions
Talos
Microsoft Patch Tuesday - September 2015
blogs_talos·2015-09-08·CVSS 9.3
[CRITICAL] Microsoft Patch Tuesday - September 2015
## Microsoft Patch Tuesday - September 2015
Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release sees a total of 12 bulletins released which address 55 CVEs. Five bulletins are rated "Critical" this month and address vulnerabilities in Edge, Graphics Component, Internet Explorer, Journal, and Office. The other seven bulletins are rated "Important" and address vulnerabilities in the .NET Framework, Active Directory, Exchange, Hyper-V, Media Center, Skype for Business, and Task Management.
## Bulletins Rated Critical MS15-094, MS15-095, MS15-097, MS-098, and MS15-099 are rated "Critical".
MS15-094 is this month's Internet Explorer security bulletin. Seventeen CVEs are addressed this m
2015-09-09
Published