Описание
Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.
Ссылки
- Third Party Advisory
- Third Party AdvisoryUS Government Resource
- PatchVendor Advisory
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- PatchVendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Third Party Advisory
- Third Party AdvisoryUS Government Resource
- PatchVendor Advisory
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- PatchVendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:microsoft:exchange_server:2003:-:*:*:*:*:*:*
cpe:2.3:a:microsoft:sharepoint_services:2.0:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:enterprise:*:x64:*
cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:datacenter:*:x64:*
cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:standard:*:x64:*
cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:web:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:r2:*:*:*:*:*:x64:*
EPSS
Процентиль: 94%
0.14163
Средний
6 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
github
почти 4 года назад
Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.
EPSS
Процентиль: 94%
0.14163
Средний
6 Medium
CVSS2
Дефекты
CWE-200