Exchange Server Security Vulnerabilities and Issues — Exchange Server CVE List

Lucene search

MicrosoftExchange Server

5 matches found

CVE•added 2003/04/02 5:0 a.m.•57 views

CVE-2002-0054

SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.

7.5CVSS6.8AI score0.08515EPSS

CVE•added 2003/04/02 5:0 a.m.•55 views

CVE-2002-0698

Buffer overflow in Internet Mail Connector (IMC) for Microsoft Exchange Server 5.5 allows remote attackers to execute arbitrary code via an EHLO request from a system with a long name as obtained through a reverse DNS lookup, which triggers the overflow in IMC's hello response.

7.5CVSS7.8AI score0.17116EPSS

CVE•added 2003/04/02 5:0 a.m.•53 views

CVE-2002-0368

The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources."

5CVSS6.5AI score0.18087EPSS

CVE•added 2003/11/17 5:0 a.m.•50 views

CVE-2003-0714

The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 allows remote attackers to cause a denial of service (memory exhaustion) by directly connecting to the SMTP service and sending a certain extended verb request, possibly triggering a buffer overflow in Exchange 2000.

7.5CVSS7AI score0.65881EPSS

CVE•added 2003/11/17 5:0 a.m.•44 views

CVE-2003-0712

Cross-site scripting (XSS) vulnerability in the HTML encoding for the Compose New Message form in Microsoft Exchange Server 5.5 Outlook Web Access (OWA) allows remote attackers to execute arbitrary web script.

4.3CVSS6.1AI score0.18968EPSS