CVE-2003-0714

Exploit

EPSS 67.79%
Published 17.11.2003 05:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 allows remote attackers to cause a denial of service (memory exhaustion) by directly connecting to the SMTP service and sending a certain extended verb request, possibly triggering a buffer overflow in Exchange 2000.

Affected products Warnungen 0 Metrics 2 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Exchange Server Version5.5 Update-

Microsoft ≫ Exchange Server Version5.5 Updatesp1

Microsoft ≫ Exchange Server Version5.5 Updatesp2

Microsoft ≫ Exchange Server Version5.5 Updatesp3

Microsoft ≫ Exchange Server Version5.5 Updatesp4

Microsoft ≫ Exchange Server Version2000 Update-

Microsoft ≫ Exchange Server Version2000 Updatesp1

Microsoft ≫ Exchange Server Version2000 Updatesp2

Microsoft ≫ Exchange Server Version2000 Updatesp3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	67.79%	0.985

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

http://www.cert.org/advisories/CA-2003-27.html

Third Party Advisory

US Government Resource

http://marc.info/?l=bugtraq&m=106682909006586&w=2

Third Party Advisory

Mailing List

http://www.kb.cert.org/vuls/id/422156

Patch

Third Party Advisory

US Government Resource

http://www.securityfocus.com/bid/8838

Patch