Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2003-0904 | First vendor Publication | 2004-01-20 |
Vendor | Cve | Last vendor Modification | 2020-04-09 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:S/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 6.8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0904 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-200 | Information Exposure |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:477 | |||
Oval ID: | oval:org.mitre.oval:def:477 | ||
Title: | MS Exchange / OWA NTLM Authentication Vulnerability | ||
Description: | Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-0904 | Version: | 1 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows Server 2003 | Product(s): | Microsoft Exchange Server |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
3490 | Microsoft Exchange 2003 OWA Mailbox Access Information Disclosure Microsoft Exchange 2003 contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when Microsoft Windows SharePoint services are installed, causing Kerberos authentication to be disabled in IIS. This can cause improper handling of Outlook Web Access (OWA) requests, which could allow a remote user to gain access to the wrong mailbox. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2004-01-13 | Name : It is possible to access other users mailboxes. File : smb_nt_ms04-002.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:02:09 |
|
2021-04-22 01:02:22 |
|
2020-05-23 00:15:31 |
|
2018-10-13 00:22:28 |
|
2017-10-11 09:23:18 |
|
2017-07-11 12:01:18 |
|
2016-04-26 12:38:21 |
|
2014-02-17 10:26:40 |
|
2013-05-11 11:53:13 |
|