CVE-2003-0904

Severity
6.0 MEDIUM
EPSS
14.2%
top 5.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 20
Latest update: Apr 29

Description

Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 6.8 | Impact: 6.4

Affected Packages: 3 packages

Patches

🔴Vulnerability Details

2
GHSA
GHSA-wpp8-hx5r-4jfx: Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can | 2022-04-29
CVEList
CVE-2003-0904: Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can | 2004-01-08
CVE-2003-0904 (MEDIUM CVSS 6) | Microsoft Exchange 2003 and Outlook | cvebase.io