Vulnerability Name:

CVE-2004-0203 (CCN-16583)

Assigned: 2004-08-10
Published: 2004-08-10
Updated: 2020-04-09
Summary: Cross-site scripting (XSS) vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query.
CVSS v3 Severity: 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-79
Vulnerability Consequences: Gain Access
References:
Source: CCN
Type: BugTraq Mailing List, Wed Aug 11 2004 - 02:02:06 CDT
HTTP Response Splitting vulnerability in Microsoft Outlook Web Access for Exchange 5.5

Source: MITRE
Type: CNA
CVE-2004-0203

Source: CCN
Type: CIAC Information Bulletin 0-197
Microsoft Exchange Server 5.5 Outlook Web Access Vulnerability

Source: CCN
Type: US-CERT VU#948750
Microsoft Outlook Web Access contains vulnerability in HTML redirection query

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#948750

Source: CCN
Type: Microsoft Security Bulletin MS04-026
Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting and Spoofing Attacks (842436)

Source: CCN
Type: OSVDB ID: 84069
Ultrix binmail tempfile Race Condition Local Privilege Escalation

Source: CCN
Type: BID-10902
Microsoft Exchange Outlook Web Access HTTP Response Splitting Vulnerability

Source: MS
Type: Patch, Vendor Advisory
MS04-026

Source: XF
Type: Third Party Advisory, VDB Entry
exchange-owa-execute-code(16583)

Source: XF
Type: UNKNOWN
exchange-owa-execute-code(16583)

Source: OVAL
Type: Third Party Advisory
oval:org.mitre.oval:def:2016

Vulnerable Configuration: Configuration 1:
  • cpe:/a:microsoft:exchange_server:5.5:-:*:*:*:*:*:*
  • OR cpe:/a:microsoft:exchange_server:5.5:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:exchange_server:5.5:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:exchange_server:5.5:sp3:*:*:*:*:*:*
  • OR cpe:/a:microsoft:exchange_server:5.5:sp4:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:microsoft:exchange_server:5.5:sp4:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.mitre.oval:def:2016 | V | MS Exchange Server Cross-site Scripting Vulnerability | 2007-11-13
    microsoft exchange server 5.5 -
    microsoft exchange server 5.5 sp1
    microsoft exchange server 5.5 sp2
    microsoft exchange server 5.5 sp3
    microsoft exchange server 5.5 sp4
    microsoft exchange server 5.5 sp4