CVE-2001-0666 — Uncontrolled Resource Consumption in Microsoft Exchange Server

CWE-400 — Uncontrolled Resource Consumption4 documents4 sources

Severity

2.1LOWNVD

EPSS

0.3%

top 51.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Exchange Server

Timeline

PublishedOct 30

Latest updateApr 30

Description

Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox.

CVSS vector

AV:L/AC:L/C:N/I:N/A:PExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/exchange_server2000

Patches

Patch: docs.microsoft.com ↗Patch: docs.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-67xj-xw4w-wp3q: Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA re↗2022-04-30

▶

CVEList

CVE-2001-0666: Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA re↗2002-03-09

▶

💥Exploits & PoCs

Exploit-DB

Solaris 2.5.1/2.6/7.0/8 - patchadd Race Condition↗2000-12-18

▶