CVE-2003-0904

Sažetak

Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.

Reference

http://secunia.com/advisories/10615
http://www.kb.cert.org/vuls/id/530660
http://www.microsoft.com/exchange/support/e2k3owa.asp
http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0311&L=ntbugtraq&F=P&S=&P=9281
http://www.securityfocus.com/bid/9118
http://www.securityfocus.com/bid/9409
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-002
https://exchange.xforce.ibmcloud.com/vulnerabilities/13869
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A477

CVSS

Base:	6.0
Impact:	6.4
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

09-04-2020 - 13:49

Objavljeno

20-01-2004 - 05:00