CVE-2003-0904

high

Description

Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A477

https://exchange.xforce.ibmcloud.com/vulnerabilities/13869

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-002

http://www.securityfocus.com/bid/9409

http://www.securityfocus.com/bid/9118

http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0311&L=ntbugtraq&F=P&S=&P=9281

http://www.microsoft.com/exchange/support/e2k3owa.asp

http://www.kb.cert.org/vuls/id/530660

http://secunia.com/advisories/10615

Details

Source: Mitre, NVD

Published: 2004-01-20

Updated: 2020-04-09

Risk Information

CVSS v2

Base Score: 6

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High