oval:org.mitre.oval:def:477

Definition Id: oval:org.mitre.oval:def:477

Oval ID:	oval:org.mitre.oval:def:477
Title:	MS Exchange / OWA NTLM Authentication Vulnerability
Description:	Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0904	Version:	1
Platform(s):	Microsoft Windows 2000 Microsoft Windows Server 2003	Product(s):	Microsoft Exchange Server
Definition Synopsis:
Software section Exchange Server 2003 (gold edition) is installed AND the version of exprox.dll is less than 6.5.6980.57 AND NOT the patch KB832759 is installed AND Configuration section this is a front-end server providing Outlook Web Access AND the back-end server is Exchange Server 2003 running on Windows 2003 AND NOT HTTP connection reuse is disabled AND Kerberos is disabled on the virtual server that hosts OWA on the Exchange Server 2003 back-end server