Vulnerability Name:

CVE-2003-0712 (CCN-13421)

Assigned:2003-10-15
Published:2003-10-15
Updated:2020-04-09
Summary:Cross-site scripting (XSS) vulnerability in the HTML encoding for the Compose New Message form in Microsoft Exchange Server 5.5 Outlook Web Access (OWA) allows remote attackers to execute arbitrary web script.
CVSS v3 Severity:5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-79
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Thu Oct 16 2003 - 07:21:30 CDT
Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting Attack (Microsoft Security Bulletin MS03-047)

Source: MITRE
Type: CNA
CVE-2003-0712

Source: BUGTRAQ
Type: Mailing List, Third Party Advisory
20031016 Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow

Source: CCN
Type: CERT Advisory CA-2003-27
Multiple Vulnerabilities in Microsoft Windows and Exchange

Source: CERT
Type: Third Party Advisory, US Government Resource
CA-2003-27

Source: CCN
Type: CIAC Information Bulletin O-010
Microsoft Exchange Server 5.5 Outlook Web Access Vulnerability

Source: CCN
Type: US-CERT VU#435444
Microsoft Outlook Web Access (OWA) contains cross-site scripting vulnerability in the Compose New Message form

Source: CERT-VN
Type: Patch, Third Party Advisory, US Government Resource
VU#435444

Source: CCN
Type: Microsoft Security Bulletin MS03-047
Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting Attack (828489)

Source: CCN
Type: Microsoft Security Bulletin MS04-026
Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting and Spoofing Attacks (842436)

Source: BID
Type: Patch, Third Party Advisory, VDB Entry
8832

Source: CCN
Type: BID-8832
Microsoft Exchange Server 5.5 Outlook Web Access Cross-Site Scripting Vulnerability

Source: MS
Type: Patch, Vendor Advisory
MS03-047

Source: XF
Type: UNKNOWN
exchange-owa-message-xss(13421)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:exchange_server:5.5:-:*:*:*:*:*:*
  • OR cpe:/a:microsoft:exchange_server:5.5:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:exchange_server:5.5:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:exchange_server:5.5:sp3:*:*:*:*:*:*
  • OR cpe:/a:microsoft:exchange_server:5.5:sp4:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:microsoft:exchange_server:5.5:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    microsoft exchange server 5.5 -
    microsoft exchange server 5.5 sp1
    microsoft exchange server 5.5 sp2
    microsoft exchange server 5.5 sp3
    microsoft exchange server 5.5 sp4
    microsoft exchange server 5.5