CVE-2002-0054

critical

Description

SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.

References

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-011

http://www.securityfocus.com/bid/4205

http://marc.info/?l=bugtraq&m=101501580409373&w=2

Details

Source: Mitre, NVD

Published: 2002-03-08

Updated: 2020-04-09

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical