Unrated severityNVD Advisory· Published Jan 20, 2004· Updated Apr 16, 2026
CVE-2003-0904
CVE-2003-0904
Description
Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.
Affected products
7- cpe:2.3:a:microsoft:exchange_server:2003:-:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sharepoint_services:2.0:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:datacenter:*:x64:*+ 4 more
- cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:datacenter:*:x64:*
- cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:enterprise:*:x64:*
- cpe:2.3:o:microsoft:windows_server_2003:r2:*:*:*:*:*:x64:*
- cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:standard:*:x64:*
- cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:web:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- www.microsoft.com/exchange/support/e2k3owa.aspnvdPatchVendor Advisory
- docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-002nvdPatchVendor Advisory
- secunia.com/advisories/10615nvdThird Party Advisory
- www.kb.cert.org/vuls/id/530660nvdThird Party AdvisoryUS Government Resource
- www.ntbugtraq.com/default.aspnvdThird Party Advisory
- www.securityfocus.com/bid/9118nvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/9409nvdThird Party AdvisoryVDB Entry
- exchange.xforce.ibmcloud.com/vulnerabilities/13869nvdThird Party AdvisoryVDB Entry
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A477nvdThird Party Advisory
News mentions
0No linked articles in our index yet.