CVE-2003-0904

Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.
References
Link Resource
http://secunia.com/advisories/10615 Third Party Advisory
http://www.kb.cert.org/vuls/id/530660 Third Party Advisory US Government Resource
http://www.microsoft.com/exchange/support/e2k3owa.asp Patch Vendor Advisory
http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0311&L=ntbugtraq&F=P&S=&P=9281 Third Party Advisory
http://www.securityfocus.com/bid/9118 Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/9409 Third Party Advisory VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-002 Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/13869 Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A477 Third Party Advisory
http://secunia.com/advisories/10615 Third Party Advisory
http://www.kb.cert.org/vuls/id/530660 Third Party Advisory US Government Resource
http://www.microsoft.com/exchange/support/e2k3owa.asp Patch Vendor Advisory
http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0311&L=ntbugtraq&F=P&S=&P=9281 Third Party Advisory
http://www.securityfocus.com/bid/9118 Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/9409 Third Party Advisory VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-002 Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/13869 Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A477 Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:microsoft:exchange_server:2003:-:*:*:*:*:*:*
cpe:2.3:a:microsoft:sharepoint_services:2.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:enterprise:*:x64:*
cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:datacenter:*:x64:*
cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:standard:*:x64:*
cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:web:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:r2:*:*:*:*:*:x64:*

History

20 Nov 2024, 23:45

Type Values Removed Values Added
References () http://secunia.com/advisories/10615 - Third Party Advisory () http://secunia.com/advisories/10615 - Third Party Advisory
References () http://www.kb.cert.org/vuls/id/530660 - Third Party Advisory, US Government Resource () http://www.kb.cert.org/vuls/id/530660 - Third Party Advisory, US Government Resource
References () http://www.microsoft.com/exchange/support/e2k3owa.asp - Patch, Vendor Advisory () http://www.microsoft.com/exchange/support/e2k3owa.asp - Patch, Vendor Advisory
References () http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0311&L=ntbugtraq&F=P&S=&P=9281 - Third Party Advisory () http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0311&L=ntbugtraq&F=P&S=&P=9281 - Third Party Advisory
References () http://www.securityfocus.com/bid/9118 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/9118 - Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/bid/9409 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/9409 - Third Party Advisory, VDB Entry
References () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-002 - Patch, Vendor Advisory () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-002 - Patch, Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/13869 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/13869 - Third Party Advisory, VDB Entry
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A477 - Third Party Advisory () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A477 - Third Party Advisory

Information

Published : 2004-01-20 05:00

Updated : 2024-11-20 23:45


NVD link : CVE-2003-0904

Mitre link : CVE-2003-0904

CVE.ORG link : CVE-2003-0904


JSON object : View

Products Affected

microsoft

  • exchange_server
  • windows_server_2003
  • sharepoint_services
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor