CVE-2002-0054
Last modified
CVE-2002-0054 is a vulnerability of currently unknown severity. SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.. EPSS estimates a 22.33% chance of exploitation in the next 30 days.
Description
SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Exchange Server | 5.5 |
| Microsoft | Windows 2000 | All versions |
References
- http://marc.info/?l=bugtraq&m=101501580409373&w=2Mailing List, Third Party Advisory
- http://www.securityfocus.com/bid/4205Patch, Third Party Advisory, VDB Entry
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-011Patch, Vendor Advisory
- http://marc.info/?l=bugtraq&m=101501580409373&w=2Mailing List, Third Party Advisory
- http://www.securityfocus.com/bid/4205Patch, Third Party Advisory, VDB Entry
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-011Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2002-0054?
How severe is CVE-2002-0054?
How do I fix CVE-2002-0054?
Are you affected by CVE-2002-0054?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST