Описание
SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.
Ссылки
- Mailing ListThird Party Advisory
- PatchThird Party AdvisoryVDB Entry
- PatchVendor Advisory
- Mailing ListThird Party Advisory
- PatchThird Party AdvisoryVDB Entry
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:microsoft:exchange_server:5.5:-:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:5.5:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:5.5:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:5.5:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:5.5:sp4:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:o:microsoft:windows_2000:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:-:sp2:*:*:*:*:*:*
EPSS
Процентиль: 92%
0.08243
Низкий
7.5 High
CVSS2
Дефекты
CWE-294
Связанные уязвимости
github
больше 3 лет назад
SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.
EPSS
Процентиль: 92%
0.08243
Низкий
7.5 High
CVSS2
Дефекты
CWE-294