CVE-2003-0904

Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:microsoft:exchange_server:2003:-:*:*:*:*:*:*
cpe:2.3:a:microsoft:sharepoint_services:2.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:enterprise:*:x64:*
cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:datacenter:*:x64:*
cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:standard:*:x64:*
cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:web:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:r2:*:*:*:*:*:x64:*

History

No history.

Information

Published : 2004-01-20 05:00

Updated : 2024-02-28 10:24


NVD link : CVE-2003-0904

Mitre link : CVE-2003-0904

CVE.ORG link : CVE-2003-0904


JSON object : View

Products Affected

microsoft

  • exchange_server
  • windows_server_2003
  • sharepoint_services
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor