6.8

CVE-2010-3213

Exploit
Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftOutlook Web Access Version2007
MicrosoftOutlook Web Access Version2007 Updatesp1
MicrosoftOutlook Web Access Version2007 Updatesp2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.38% 0.943
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

http://sites.google.com/site/tentacoloviola/pwning-corporate-webmails
Exploit
http://www.exploit-db.com/exploits/14285
Exploit
http://www.securityfocus.com/bid/41462
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/60164