Microsoft Exchange信息泄露漏洞(CVE-2020-17143)

基本字段

漏洞编号:
SSV-99069
披露/发现时间:
未知
提交时间:
2020-12-13
漏洞等级:
漏洞类别:
信息泄漏
影响组件:
Microsoft Exchange
(影响版本较多,点击查看)
漏洞作者:
未知
提交者:
Knownsec
CVE-ID:
CVE-2020-17143
CNNVD-ID:
补充
CNVD-ID:
补充
ZoomEye Dork:
补充

来源

漏洞详情

贡献者 共获得  0KB
暂未开放
共 0  兑换了

PoC (非 pocsuite 插件)

贡献者 Knownsec 共获得   0KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
#!/usr/bin/env python3
"""
Microsoft Exchange Server OWA OneDriveProUtilities GetWacUrl XML External Entity Processing Information Disclosure Vulnerability
Advisory: https://srcincite.io/advisories/src-2020-0030/
Patched in: https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2020-17143
## Summary
This vulnerability allows remote attackers to disclose information on affected installations of Exchange Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the GetWacIframeUrlForOneDrive service command. The issue results from the lack of proper validation of a user-supplied xml. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM.
## Affected
Fully patched version of Exchange 2016 and Exchange 2019 have been confirmed vulnerable
## Vulnerability Analysis
Inside of the `Microsoft.Exchange.Clients.Owa2.Server.dll` library the following class is reachable from an authenticated request:
```
namespace Microsoft.Exchange.Clients.Owa2.Server.Core
{
internal class GetWacIframeUrlForOneDrive : ServiceCommand<string>
{
public GetWacIframeUrlForOneDrive(ICallContext callContext, GetWacIframeUrlForOneDriveRequest request) : base(callContext)
{
this.endPointUrl = request.EndPointUrl;
this.documentUrl = request.DocumentUrl;
this.isEdit = request.IsEdit;
}
protected override string InternalExecute() // 1
{
UserContext userContext = UserContextManager.GetUserContext(base.CallContext.HttpContext, base.CallContext.EffectiveCaller, true);
if (userContext == null)
{
throw new OwaInvalidRequestException("Unable to determine user context.");
}
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

共 0 兑换

参考链接

解决方案

临时解决方案

暂无临时解决方案

官方解决方案

暂无官方解决方案

防护方案

暂无防护方案

人气 11524
评论前需绑定手机 现在绑定

暂无评论

※本站提供的任何内容、代码与服务仅供学习,请勿用于非法用途,否则后果自负