Exchange Server Security Vulnerabilities and Issues — Exchange Server CVE List

Lucene search

MicrosoftExchange Server

4 matches found

CVE•added 2005/06/14 4:0 a.m.•82 views

CVE-2005-0563

Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web Access (OWA) component in Exchange Server 5.5 allows remote attackers to inject arbitrary web script or HTML via an email message with an encoded javascript: URL ("jav&#X41sc ript:") in an IMG tag.

4.3CVSS5.5AI score0.22959EPSS

CVE•added 2005/06/28 4:0 a.m.•61 views

CVE-2002-1790

The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682.

5CVSS6.7AI score0.17784EPSS

CVE•added 2005/06/28 4:0 a.m.•43 views

CVE-2002-1873

Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls.

5CVSS7.1AI score0.16246EPSS

CVE•added 2005/06/28 4:0 a.m.•41 views

CVE-2002-1876

Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS.

2.1CVSS6.5AI score0.00816EPSS