CVE-2003-0904
Severity CVSS v4.0: Pending analysis
Type: CWE-200 Information Leak / Disclosure
Publication date: 20/01/2004
Last modified: 03/04/2025
Description
Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, do not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.
Impact
Base Score 2.0: 6.00
Severity 2.0: MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:microsoft:exchange_server:2003:-:*:*:*:*:*:* | | |
cpe:2.3:a:microsoft:sharepoint_services:2.0:*:*:*:*:*:*:* | | |
cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:enterprise:*:x64:* | | |
cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:datacenter:*:x64:* | | |
cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:standard:*:x64:* | | |
cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:web:*:*:* | | |
cpe:2.3:o:microsoft:windows_server_2003:r2:*:*:*:*:*:x64:* | | |
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/10615
- http://www.kb.cert.org/vuls/id/530660
- http://www.microsoft.com/exchange/support/e2k3owa.asp
- http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0311&L=ntbugtraq&F=P&S=&P=9281
- http://www.securityfocus.com/bid/9118
- http://www.securityfocus.com/bid/9409
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-002
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13869
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A477