New Search

MS Exchange / OWA NTLM Authentication Vulnerability

oval:org.mitre.oval:def:477

Microsoft Exchange 2003 and Outlook Web Access (OWA) when configured to use NTLM authentication does not properly reuse HTTP connections which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0 e.g. when SharePoint Services 2.0 is installed.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2003
  • Microsoft Windows 2000
Class:
vulnerability
Reference(s):
  • CVE-2003-0904
Product(s):
  • Microsoft Exchange Server