CVE-2015-2505

Microsoft Exchange Server 2013 Cumulative Update 8 and 9 and SP1 - Information Disclosure via Crafted OWA Request

Title source: llm
STIX 2.1

Description

Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 and SP1 allows remote attackers to obtain sensitive stacktrace information via a crafted request, aka "Exchange Information Disclosure Vulnerability."

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1033495

Scores

EPSS 0.1824
EPSS Percentile 96.9%

Details

CWE
CWE-200
Status published
Products (1)
microsoft/exchange_server 2013 cumulative_update_8 (3 CPE variants)
Published Sep 09, 2015
Tracked Since Feb 18, 2026