Description
Outlook Web Access (OWA) in Microsoft Exchange 5.5, SP4 and earlier, allows remote attackers to identify valid user email addresses by directly accessing a back-end function that processes the global address list (GAL).
Products
- Microsoft Exchange Server Service Pack 4
- Microsoft Exchange Server 4.0 Service Pack 4
- Microsoft Exchange Server 5.5 Service Pack 4
Questions to Ask Vendors
- Can you confirm whether your systems are affected by CVE-2001-0660, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2001-0660 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions
- Check out the advisory links provided below.
References