CVE-2003-0904

Description

Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.

Related CPE's

Could not find any relations

References

20031114 Exchange 2003 OWA major security flaw

Third Party Advisory

http://www.microsoft.com/exchange/support/e2k3owa.asp

PatchVendor Advisory

9118

Third Party AdvisoryVDB Entry

VU#530660

Third Party AdvisoryUS Government Resource

10615

Third Party Advisory

9409

Third Party AdvisoryVDB Entry

exchange-owa-account-access(13869)

Third Party AdvisoryVDB Entry

oval:org.mitre.oval:def:477

Third Party Advisory

MS04-002

PatchVendor Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version	2.0
VectorString	AV:N/AC:M/Au:S/C:P/I:P/A:P
AccessVector	NETWORK
AccessComplexity	MEDIUM
Authentication	SINGLE
ConfidentialityImpact	PARTIAL
IntegrityImpact	PARTIAL
AvailabilityImpact	PARTIAL
BaseScore	6

Created by Yello

About Severity.io