CVE-2002-0054

HIGH

SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.

CVSS v2.0 Score

7.5

/ 10.0

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Information

Published: 8 mars 2002
Updated: 16 avr. 2026
Status: Modified
Source: cve@mitre.org

Affected products

microsoft exchange server

Versions : 5.5

microsoft windows 2000

Weaknesses (CWE)

CWE-294

References (6)

http://marc.info/?l=bugtraq&m=101501580409373&w=2
Mailing ListThird Party Advisory
http://www.securityfocus.com/bid/4205
PatchThird Party AdvisoryVDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-011
PatchVendor Advisory
http://marc.info/?l=bugtraq&m=101501580409373&w=2
Mailing ListThird Party Advisory
http://www.securityfocus.com/bid/4205
PatchThird Party AdvisoryVDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-011
PatchVendor Advisory

Similar CVEs

Other vulnerabilities of type CWE-294

Loading…

Monitor your products

Get automatic alerts for every new CVE affecting your equipment.

Enable monitoring