CVE-2002-0054
First published: Fri Mar 08 2002(Updated: )
SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Exchange Server | =5.5-sp1 | |
| Microsoft Exchange Server | =5.5-sp4 | |
| Microsoft Exchange Server | =5.5-sp2 | |
| Microsoft Exchange Server | =5.5-sp3 | |
| Microsoft Exchange Server | =5.5 | |
| Microsoft Windows 2000 | ||
| Microsoft Windows 2000 | =sp1 | |
| Microsoft Windows 2000 | =sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/type
- agent/remedy
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/microsoft
- canonical/microsoft exchange server
- version/microsoft exchange server/5.5-sp1
- version/microsoft exchange server/5.5-sp4
- version/microsoft exchange server/5.5-sp2
- version/microsoft exchange server/5.5-sp3
- version/microsoft exchange server/5.5
- canonical/microsoft windows 2000
- version/microsoft windows 2000/sp1
- version/microsoft windows 2000/sp2