Vulnerability Description
Outlook Web Access (OWA) in Microsoft Exchange 5.5, SP4 and earlier, allows remote attackers to identify valid user email addresses by directly accessing a back-end function that processes the global address list (GAL).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Exchange Server | <= 5.5 |
References
- http://support.microsoft.com/support/kb/articles/Q307/1/95.ASPPatchVendor Advisory
- http://www.securityfocus.com/bid/3301
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-04
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7089
- http://support.microsoft.com/support/kb/articles/Q307/1/95.ASPPatchVendor Advisory
- http://www.securityfocus.com/bid/3301
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-04
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7089
FAQ
What is CVE-2001-0660?
CVE-2001-0660 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Outlook Web Access (OWA) in Microsoft Exchange 5.5, SP4 and earlier, allows remote attackers to identify valid user email addresses by directly accessing a back-end function that processes the global ...
How severe is CVE-2001-0660?
CVE-2001-0660 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-0660?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Exchange Server.