Vulnerability Name: | CCN-13433 | ||||||
Published: | 2003-10-15 | ||||||
Updated: | 2003-10-15 | ||||||
Summary: | Microsoft Exchange is vulnerable to a denial of service. By connecting to an SMTP port on the vulnerable Exchange server, a remote attacker could send a specially-crafted extended verb request, which are used to communicate Exchange-specific information among Exchange servers, to cause the server to consume a large amount memory. This could cause the SMTP service to crash or cause the server to stop responding to legitimate requests. | ||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
| ||||||
CVSS v2 Severity: | 5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
| ||||||
Vulnerability Consequences: | Denial of Service | ||||||
References: | Source: CCN Type: VulnWatch Mailing List, Wed Oct 22 2003 - 04:13:56 CDT MS03-046 Microsoft Exchange 2000 Heap Overflow Source: CCN Type: CERT Advisory CA-2003-27 Multiple Vulnerabilities in Microsoft Windows and Exchange Source: CCN Type: CIAC Information Bulletin O-005 Microsoft Exchange Server Vulnerabilities Source: CCN Type: Microsoft Security Bulletin MS03-046 Vulnerability in Exchange Server Could Allow Arbitrary Code Execution (829436) Source: XF Type: UNKNOWN exchange-smtp-verb-dos(13433) | ||||||
Vulnerable Configuration: | Configuration CCN 1:![]() | ||||||
BACK |