Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for Microsoft Exchange Server by Microsoft Corporation

    CVE-2017-11932 (GCVE-0-2017-11932)

    Vulnerability from nvd – Published: 2017-12-12 21:00 – Updated: 2024-09-17 04:29
    VLAI
    Summary
    Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka "Microsoft Exchange Spoofing Vulnerability".
    Severity
    No CVSS data available.
    CWE
    • Spoofing
    Assigner
    References
    URL Tags
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1039996 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/102060 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    Microsoft Corporation Microsoft Exchange Server Affected: Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5
    Create a notification for this product.
    Date Public
    2017-12-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:28:15.050Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11932"
              },
              {
                "name": "1039996",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039996"
              },
              {
                "name": "102060",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102060"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Exchange Server",
              "vendor": "Microsoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5"
                }
              ]
            }
          ],
          "datePublic": "2017-12-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka \"Microsoft Exchange Spoofing Vulnerability\"."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Spoofing",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-13T10:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11932"
            },
            {
              "name": "1039996",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039996"
            },
            {
              "name": "102060",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102060"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "DATE_PUBLIC": "2017-12-12T00:00:00",
              "ID": "CVE-2017-11932",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft Exchange Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka \"Microsoft Exchange Spoofing Vulnerability\"."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Spoofing"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11932",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11932"
                },
                {
                  "name": "1039996",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039996"
                },
                {
                  "name": "102060",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102060"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-11932",
        "datePublished": "2017-12-12T21:00:00.000Z",
        "dateReserved": "2017-07-31T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:29:17.714Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-11761 (GCVE-0-2017-11761)

    Vulnerability from nvd – Published: 2017-09-13 01:00 – Updated: 2024-09-17 03:02
    VLAI
    Summary
    Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allow an input sanitization issue with Microsoft Exchange that could potentially result in unintended Information Disclosure, aka "Microsoft Exchange Information Disclosure Vulnerability"
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    URL Tags
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1039320 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/100731 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    Microsoft Corporation Microsoft Exchange Server Affected: Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016
    Create a notification for this product.
    Date Public
    2017-09-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:19:39.106Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11761"
              },
              {
                "name": "1039320",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039320"
              },
              {
                "name": "100731",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100731"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Exchange Server",
              "vendor": "Microsoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016"
                }
              ]
            }
          ],
          "datePublic": "2017-09-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allow an input sanitization issue with Microsoft Exchange that could potentially result in unintended Information Disclosure, aka \"Microsoft Exchange Information Disclosure Vulnerability\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-13T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11761"
            },
            {
              "name": "1039320",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039320"
            },
            {
              "name": "100731",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100731"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "DATE_PUBLIC": "2017-09-12T00:00:00",
              "ID": "CVE-2017-11761",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft Exchange Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allow an input sanitization issue with Microsoft Exchange that could potentially result in unintended Information Disclosure, aka \"Microsoft Exchange Information Disclosure Vulnerability\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11761",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11761"
                },
                {
                  "name": "1039320",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039320"
                },
                {
                  "name": "100731",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100731"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-11761",
        "datePublished": "2017-09-13T01:00:00.000Z",
        "dateReserved": "2017-07-31T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:02:51.278Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-11932 (GCVE-0-2017-11932)

    Vulnerability from cvelistv5 – Published: 2017-12-12 21:00 – Updated: 2024-09-17 04:29
    VLAI
    Summary
    Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka "Microsoft Exchange Spoofing Vulnerability".
    Severity
    No CVSS data available.
    CWE
    • Spoofing
    Assigner
    References
    URL Tags
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1039996 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/102060 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    Microsoft Corporation Microsoft Exchange Server Affected: Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5
    Create a notification for this product.
    Date Public
    2017-12-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:28:15.050Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11932"
              },
              {
                "name": "1039996",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039996"
              },
              {
                "name": "102060",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102060"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Exchange Server",
              "vendor": "Microsoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5"
                }
              ]
            }
          ],
          "datePublic": "2017-12-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka \"Microsoft Exchange Spoofing Vulnerability\"."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Spoofing",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-13T10:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11932"
            },
            {
              "name": "1039996",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039996"
            },
            {
              "name": "102060",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102060"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "DATE_PUBLIC": "2017-12-12T00:00:00",
              "ID": "CVE-2017-11932",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft Exchange Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka \"Microsoft Exchange Spoofing Vulnerability\"."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Spoofing"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11932",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11932"
                },
                {
                  "name": "1039996",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039996"
                },
                {
                  "name": "102060",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102060"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-11932",
        "datePublished": "2017-12-12T21:00:00.000Z",
        "dateReserved": "2017-07-31T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:29:17.714Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-11761 (GCVE-0-2017-11761)

    Vulnerability from cvelistv5 – Published: 2017-09-13 01:00 – Updated: 2024-09-17 03:02
    VLAI
    Summary
    Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allow an input sanitization issue with Microsoft Exchange that could potentially result in unintended Information Disclosure, aka "Microsoft Exchange Information Disclosure Vulnerability"
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    URL Tags
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1039320 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/100731 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    Microsoft Corporation Microsoft Exchange Server Affected: Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016
    Create a notification for this product.
    Date Public
    2017-09-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:19:39.106Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11761"
              },
              {
                "name": "1039320",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039320"
              },
              {
                "name": "100731",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100731"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Exchange Server",
              "vendor": "Microsoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016"
                }
              ]
            }
          ],
          "datePublic": "2017-09-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allow an input sanitization issue with Microsoft Exchange that could potentially result in unintended Information Disclosure, aka \"Microsoft Exchange Information Disclosure Vulnerability\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-13T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11761"
            },
            {
              "name": "1039320",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039320"
            },
            {
              "name": "100731",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100731"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "DATE_PUBLIC": "2017-09-12T00:00:00",
              "ID": "CVE-2017-11761",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft Exchange Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allow an input sanitization issue with Microsoft Exchange that could potentially result in unintended Information Disclosure, aka \"Microsoft Exchange Information Disclosure Vulnerability\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11761",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11761"
                },
                {
                  "name": "1039320",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039320"
                },
                {
                  "name": "100731",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100731"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-11761",
        "datePublished": "2017-09-13T01:00:00.000Z",
        "dateReserved": "2017-07-31T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:02:51.278Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2013-000071

    Vulnerability from jvndb - Published: 2013-07-17 13:56 - Updated:2013-08-28 14:31
    Severity
    N/A (UNKNOWN) - -
    Summary
    Oracle Outside In vulnerable to denial-of-service (DoS)
    Details
    Oracle Outside In is a library to decode over 500 file types. Oracle Outside In contains a denial-of-service (DoS) vulnerability. Takahiro Haruyama of Internet Initiative Japan Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000071.html",
      "dc:date": "2013-08-28T14:31+09:00",
      "dcterms:issued": "2013-07-17T13:56+09:00",
      "dcterms:modified": "2013-08-28T14:31+09:00",
      "description": "Oracle Outside In is a library to decode over 500 file types. Oracle Outside In contains a denial-of-service (DoS) vulnerability.\r\n\r\nTakahiro Haruyama of Internet Initiative Japan Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000071.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:ibm:websphere_portal",
          "@product": "IBM WebSphere Portal",
          "@vendor": "IBM Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:microsoft:exchange_server",
          "@product": "Microsoft Exchange Server",
          "@vendor": "Microsoft Corporation",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "5.0",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2013-000071",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN68663052/index.html",
          "@id": "JVN#68663052",
          "@source": "JVN"
        },
        {
          "#text": "http://jvn.jp/cert/JVNTA13-225A/index.html",
          "@id": "JVNTA13-225A",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3776",
          "@id": "CVE-2013-3776",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3776",
          "@id": "CVE-2013-3776",
          "@source": "NVD"
        },
        {
          "#text": "http://www.ipa.go.jp/security/ciadr/vul/20130814-ms.html",
          "@id": "Security Updates Available for Microsoft (August 2013)",
          "@source": "IPA SECURITY ALERTS"
        },
        {
          "#text": "http://www.jpcert.or.jp/at/2013/at130035.html",
          "@id": "JPCERT-AT-2013-0035",
          "@source": "JPCERT-WR"
        },
        {
          "#text": "http://www.npa.go.jp/cyberpolice/topics/?seq=12042",
          "@id": "Microsoft Security Bulletin for August 2013",
          "@source": "AT-POLICE"
        },
        {
          "#text": "http://www.us-cert.gov/ncas/alerts/TA13-225A",
          "@id": "TA13-225",
          "@source": "CERT-TA"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-noinfo",
          "@title": "No Mapping(CWE-noinfo)"
        }
      ],
      "title": "Oracle Outside In vulnerable to denial-of-service (DoS)"
    }

    JVNDB-2013-000070

    Vulnerability from jvndb - Published: 2013-07-17 13:45 - Updated:2014-02-24 16:38
    Severity
    N/A (UNKNOWN) - -
    Summary
    Oracle Outside In vulnerable to buffer overflow
    Details
    Oracle Outside In is a library to decode over 500 file types. Oracle Outside In contains a buffer overflow vulnerability. Takahiro Haruyama of Internet Initiative Japan Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000070.html",
      "dc:date": "2014-02-24T16:38+09:00",
      "dcterms:issued": "2013-07-17T13:45+09:00",
      "dcterms:modified": "2014-02-24T16:38+09:00",
      "description": "Oracle Outside In is a library to decode over 500 file types. Oracle Outside In contains a buffer overflow vulnerability.\r\n\r\nTakahiro Haruyama of Internet Initiative Japan Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000070.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:ibm:websphere_portal",
          "@product": "IBM WebSphere Portal",
          "@vendor": "IBM Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:microsoft:exchange_server",
          "@product": "Microsoft Exchange Server",
          "@vendor": "Microsoft Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:oracle:fusion_middleware",
          "@product": "Oracle Fusion Middleware",
          "@vendor": "Oracle Corporation",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "7.5",
        "@severity": "High",
        "@type": "Base",
        "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2013-000070",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN07497769/index.html",
          "@id": "JVN#07497769",
          "@source": "JVN"
        },
        {
          "#text": "http://jvn.jp/cert/JVNTA13-225A/index.html",
          "@id": "JVNTA13-225A",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3781",
          "@id": "CVE-2013-3781",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3781",
          "@id": "CVE-2013-3781",
          "@source": "NVD"
        },
        {
          "#text": "http://www.ipa.go.jp/security/ciadr/vul/20130717-jvn.html",
          "@id": "Security Updates Available for Oracle Outside In (JVN#07497769)",
          "@source": "IPA SECURITY ALERTS"
        },
        {
          "#text": "http://www.ipa.go.jp/security/ciadr/vul/20130814-ms.html",
          "@id": "Security Updates Available for Microsoft (August 2013) ",
          "@source": "IPA SECURITY ALERTS"
        },
        {
          "#text": "http://www.jpcert.or.jp/at/2013/at130035.html",
          "@id": "JPCERT-AT-2013-0035",
          "@source": "JPCERT-WR"
        },
        {
          "#text": "http://www.npa.go.jp/cyberpolice/topics/?seq=12042",
          "@id": "Microsoft Security Bulletin for August 2013",
          "@source": "AT-POLICE"
        },
        {
          "#text": "http://www.us-cert.gov/ncas/alerts/TA13-225A",
          "@id": "TA13-225",
          "@source": "CERT-TA"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-119",
          "@title": "Buffer Errors(CWE-119)"
        }
      ],
      "title": "Oracle Outside In vulnerable to buffer overflow"
    }