Microsoft: >> Exchange Server Security Vulnerabilities
Microsoft Outlook and Outlook Express allow remote attackers to cause a denial of service by sending email messages with blank fields such as BCC, Reply-To, Return-Path, or From.
CVSS Score
5.0
EPSS Score
0.155
Published
2000-06-05
Microsoft email clients in Outlook, Exchange, and Windows Messaging automatically respond to Read Receipt and Delivery Receipt tags, which could allow an attacker to flood a mail system with responses by forging a Read Receipt request that is redirected to a large distribution list.
CVSS Score
5.0
EPSS Score
0.051
Published
2000-02-29
Microsoft Exchange Server 5.5 and 5.0 does not properly handle (1) malformed NNTP data, or (2) malformed SMTP data, which allows remote attackers to cause a denial of service (application error).
CVSS Score
5.0
EPSS Score
0.065
Published
1999-12-31
Modifications to ACLs (Access Control Lists) in Microsoft Exchange 5.5 do not take effect until the directory store cache is refreshed.
CVSS Score
7.5
EPSS Score
0.087
Published
1999-12-13
Microsoft Exchange 5.5 allows a remote attacker to relay email (i.e. spam) using encapsulated SMTP addresses, even if the anti-relaying features are enabled.
CVSS Score
5.0
EPSS Score
0.184
Published
1999-08-06
The LDAP bind function in Exchange 5.5 has a buffer overflow that allows a remote attacker to conduct a denial of service or execute commands.
CVSS Score
10.0
EPSS Score
0.09
Published
1998-12-01
The installation of 1ArcServe Backup and Inoculan AV client modules for Exchange create a log file, exchverify.log, which contains usernames and passwords in plaintext.
CVSS Score
4.6
EPSS Score
0.005
Published
1998-11-12
Information from SSL-encrypted sessions via PKCS #1.
CVSS Score
5.0
EPSS Score
0.051
Published
1998-06-26
Denial of service to NT mail servers including Ipswitch, Mdaemon, and Exchange through a buffer overflow in the SMTP HELO command.
CVSS Score
7.5
EPSS Score
0.034
Published
1998-01-01
Page 23