PT-2004-1173 · Microsoft · SharePoint Services 2.0+3

Matthew Johnson · Published 2004-01-08 · Updated 2020-04-09 · CVE-2003-0904

CVSS v2.0: 6.0 (Medium)

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Microsoft Exchange 2003 Outlook Web Access (OWA)

Description

The issue arises when Microsoft Exchange 2003 and Outlook Web Access (OWA) are configured to use NTLM authentication. In such cases, the software does not properly reuse HTTP connections. This can lead to a situation where OWA users may inadvertently view the mailboxes of other users. The problem is particularly pronounced when Kerberos has been disabled as an authentication method for IIS 6.0, a scenario that can occur when SharePoint Services 2.0 is installed.

Recommendations

For Microsoft Exchange 2003, consider re-enabling Kerberos authentication for IIS 6.0 to mitigate the risk. For Outlook Web Access (OWA), restrict access to sensitive mailboxes until a proper fix is applied. As a temporary workaround, consider disabling NTLM authentication and switching to a different authentication method until the issue is resolved.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2003-0904

Affected Products

IIS 6.0
Exchange 2003
Outlook Web Access
SharePoint Services 2.0