Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.0
CVE Id: CVE-2003-0904
Last Modified: 10 Sep 2008 12:00:00
Published: 20 Jan 2004 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE_INSTANCE

CVE-2003-0904

Summary

Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.

Vulnerable Systems

Operating System

  • Microsoft Windows 2003 Server Enterprise

  • Microsoft Windows 2003 Server Enterprise 64-bit

  • Microsoft Windows 2003 Server R2

  • Microsoft Windows 2003 Server Standard

  • Microsoft Windows 2003 Server Web

Application

  • Microsoft Exchange Server 2003

  • Microsoft SharePoint Services 2.0


References

CERT-VN - VU#530660

XF - exchange-owa-account-access(13869)

CONFIRM - http://www.microsoft.com/exchange/support/e2k3owa.asp

BID - 9409

BID - 9118

NTBUGTRAQ - 20031114 Exchange 2003 OWA major security flaw

MS - MS04-002

SECUNIA - 10615


Last Updated: 27 May 2016 10:38:06