Back to search
CVE-2003-0904
Published: Jan 8, 2004
Modified: Aug 8, 2024
PUBLISHED
Description
Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
9409
vdb-entry
x_refsource_BID
VU#530660
third-party-advisory
x_refsource_CERT-VN
oval:org.mitre.oval:def:477
vdb-entry
signature
x_refsource_OVAL
9118
vdb-entry
x_refsource_BID
10615
third-party-advisory
x_refsource_SECUNIA
http://www.microsoft.com/exchange/support/e2k3owa.asp
x_refsource_CONFIRM
exchange-owa-account-access(13869)
vdb-entry
x_refsource_XF
MS04-002
vendor-advisory
x_refsource_MS
20031114 Exchange 2003 OWA major security flaw
mailing-list
x_refsource_NTBUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now