CVE-2003-0904

medium Microsoft
CVSS v3 Base Score
6.0
AV:N/AC:M/Au:S/C:P/I:P/A:P
EPSS Score
14.2%
Exploitation probability in 30 days
Top 6% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
P
Availability
P
Published: January 20, 2004 (8150 days ago)
Last Modified: April 16, 2026
Vendor: Microsoft
Source: NVD

Description

Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.

CWE

CWE-200

Affected Products

microsoft exchange servermicrosoft sharepoint servicesmicrosoft windows server 2003

References

🔗 secunia.com 🔗 www.kb.cert.org 🔗 www.microsoft.com 🔗 www.ntbugtraq.com 🔗 www.securityfocus.com