Microsoft: >> Exchange Server Security Vulnerabilities
Microsoft Exchange Server 5.5 and 5.0 does not properly handle (1) malformed NNTP data, or (2) malformed SMTP data, which allows remote attackers to cause a denial of service (application error).
CVSS Score
5.0
EPSS Score
0.065
Published
1999-12-31
Modifications to ACLs (Access Control Lists) in Microsoft Exchange 5.5 do not take effect until the directory store cache is refreshed.
CVSS Score
7.5
EPSS Score
0.087
Published
1999-12-13
Microsoft Exchange 5.5 allows a remote attacker to relay email (i.e. spam) using encapsulated SMTP addresses, even if the anti-relaying features are enabled.
CVSS Score
5.0
EPSS Score
0.184
Published
1999-08-06
The LDAP bind function in Exchange 5.5 has a buffer overflow that allows a remote attacker to conduct a denial of service or execute commands.
CVSS Score
10.0
EPSS Score
0.09
Published
1998-12-01
The installation of 1ArcServe Backup and Inoculan AV client modules for Exchange create a log file, exchverify.log, which contains usernames and passwords in plaintext.
CVSS Score
4.6
EPSS Score
0.006
Published
1998-11-12
Information from SSL-encrypted sessions via PKCS #1.
CVSS Score
5.0
EPSS Score
0.032
Published
1998-06-26
Denial of service to NT mail servers including Ipswitch, Mdaemon, and Exchange through a buffer overflow in the SMTP HELO command.
CVSS Score
7.5
EPSS Score
0.034
Published
1998-01-01
Page 24