CVE-2003-0904
Description
Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.
Related CPE's
Could not find any relations
References
Third Party Advisory
PatchVendor Advisory
Third Party AdvisoryVDB Entry
Third Party AdvisoryUS Government Resource
Third Party Advisory
Third Party AdvisoryVDB Entry
Third Party AdvisoryVDB Entry
Third Party Advisory
PatchVendor Advisory
CvssV3 impact
Could not find any metrics
CvssV2 impact
Version | 2.0 |
VectorString | AV:N/AC:M/Au:S/C:P/I:P/A:P |
AccessVector | NETWORK |
AccessComplexity | MEDIUM |
Authentication | SINGLE |
ConfidentialityImpact | PARTIAL |
IntegrityImpact | PARTIAL |
AvailabilityImpact | PARTIAL |
BaseScore | 6 |