CVE-2016-3378

HIGH Year: 2016
CVSS v3 Score
7.4
High
CVSS v2 Score
5.8
Medium
Weakness Type
CWE-20
View all →

Vulnerability Description

Open redirect vulnerability in Microsoft Exchange Server 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "Microsoft Exchange Open Redirect Vulnerability."

Related Vulnerabilities

CVE-2012-0051

HIGH
CVSS:7.4(High)

Tahoe-LAFS 1.9.0 fails to ensure integrity which allows remote attackers to corrupt mutable files or directories upon retrieval.

CWE-202012

CVE-2012-1326

HIGH
CVSS:7.4(High)

Cisco IronPort Web Security Appliance up to and including 7.5 does not validate the basic constraints of the certificate authority which could lead to MITM attacks

CWE-202012

CVE-2013-0243

HIGH
CVSS:7.4(High)

haskell-tls-extra before 0.6.1 has Basic Constraints attribute vulnerability may lead to Man in the Middle attacks on TLS connections

CWE-202013

CVE-2015-8331

HIGH
CVSS:7.4(High)

The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 does not properly invalidate the session ID when an "abnormal exit" occurs, which allows remote attacke...

CWE-202015

CVE-2015-8466

HIGH
CVSS:7.4(High)

Swift3 before 1.9 allows remote attackers to conduct replay attacks via an Authorization request that lacks a Date header.

CWE-202015

CVE-2015-8870

HIGH
CVSS:7.4(High)

Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process m...

CWE-202015