CVE-2003-0904

Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.

Published: Jan 20, 2004
Updated: Apr 13, 2023
CVE: CVE-2003-0904
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6
AV:N/AC:M/Au:S/C:P/I:P/A:P

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
microsoft / sharepoint_services	2.0	2.0.x
microsoft / exchange_server	2003	2003.x
microsoft / windows_server_2003	-	-
microsoft / windows_server_2003	r2	r2.x

http://secunia.com/advisories/10615
http://www.kb.cert.org/vuls/id/530660
http://www.microsoft.com/exchange/support/e2k3owa.asp
http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0311&L=ntbugtraq&F=P&S=&P=9281
http://www.securityfocus.com/bid/9118
http://www.securityfocus.com/bid/9409
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-002
https://exchange.xforce.ibmcloud.com/vulnerabilities/13869
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A477

Vulnerability Database

289,599

CVE-2003-0904