var-199908-0031
Vulnerability from variot
Microsoft Exchange 5.5 allows a remote attacker to relay email (i.e. spam) using encapsulated SMTP addresses, even if the anti-relaying features are enabled. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ Exchange Server MTA When this server is connected to the Internet, there is a problem that allows e-mail relaying by a third party from the outside. This can be done by inserting certain characters in the email. In addition, this issue can be used to target large emails that are large enough to be heavily loaded. Exchange Processing power can be taken away by sending from the server, and as a result DoS The attack will be successful. still, Microsoft IIS (Internet Information Server) 4.0/5.0 Implemented as standard SMTP A similar problem exists for services.Please refer to the “Overview” for the impact of this vulnerability. The vulnerability was originally announced in Microsoft Security Bulletin MS99-027 and reported to affect Exchange Server 5.5. Microsoft released a patch to fix the vulnerability for Exchange Server 5.5 only. There exists no patch for the IIS SMTP service. This vulnerability poses no threat to the data or software on the server, but could allow spam to be sent from the server without the administrator's knowledge or permission, and could lead to a Denial of Service condition if the volume of the mail relayed is sufficient
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-199908-0031",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "exchange server",
"scope": "eq",
"trust": 3.0,
"vendor": "microsoft",
"version": "5.5"
},
{
"model": "exchange server sp2",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "5.5"
},
{
"model": "exchange server sp1",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "5.5"
},
{
"model": "iis",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "iis",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
}
],
"sources": [
{
"db": "BID",
"id": "5213"
},
{
"db": "BID",
"id": "567"
},
{
"db": "JVNDB",
"id": "JVNDB-1999-000027"
},
{
"db": "CNNVD",
"id": "CNNVD-199908-009"
},
{
"db": "NVD",
"id": "CVE-1999-0682"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:exchange_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-1999-000027"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered and reported to Microsoft by Laurent Frinking of Quark Deutschland GmbH.",
"sources": [
{
"db": "BID",
"id": "567"
},
{
"db": "CNNVD",
"id": "CNNVD-199908-009"
}
],
"trust": 0.9
},
"cve": "CVE-1999-0682",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-1999-0682",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-1999-0682",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-1999-0682",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-199908-009",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-1999-000027"
},
{
"db": "CNNVD",
"id": "CNNVD-199908-009"
},
{
"db": "NVD",
"id": "CVE-1999-0682"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft Exchange 5.5 allows a remote attacker to relay email (i.e. spam) using encapsulated SMTP addresses, even if the anti-relaying features are enabled. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ Exchange Server MTA When this server is connected to the Internet, there is a problem that allows e-mail relaying by a third party from the outside. This can be done by inserting certain characters in the email. In addition, this issue can be used to target large emails that are large enough to be heavily loaded. Exchange Processing power can be taken away by sending from the server, and as a result DoS The attack will be successful. still, Microsoft IIS (Internet Information Server) 4.0/5.0 Implemented as standard SMTP A similar problem exists for services.Please refer to the \u201cOverview\u201d for the impact of this vulnerability. \nThe vulnerability was originally announced in Microsoft Security Bulletin MS99-027 and reported to affect Exchange Server 5.5. Microsoft released a patch to fix the vulnerability for Exchange Server 5.5 only. There exists no patch for the IIS SMTP service. This vulnerability poses no threat to the data or software on the server, but could allow spam to be sent from the server without the administrator\u0027s knowledge or permission, and could lead to a Denial of Service condition if the volume of the mail relayed is sufficient",
"sources": [
{
"db": "NVD",
"id": "CVE-1999-0682"
},
{
"db": "JVNDB",
"id": "JVNDB-1999-000027"
},
{
"db": "BID",
"id": "5213"
},
{
"db": "BID",
"id": "567"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "567",
"trust": 2.7
},
{
"db": "NVD",
"id": "CVE-1999-0682",
"trust": 2.4
},
{
"db": "BID",
"id": "5213",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-1999-000027",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-199908-009",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "5213"
},
{
"db": "BID",
"id": "567"
},
{
"db": "JVNDB",
"id": "JVNDB-1999-000027"
},
{
"db": "CNNVD",
"id": "CNNVD-199908-009"
},
{
"db": "NVD",
"id": "CVE-1999-0682"
}
]
},
"id": "VAR-199908-0031",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-11-22T23:08:27.310000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MS99-027",
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/MS99-027.mspx"
},
{
"title": "MS99-027",
"trust": 0.8,
"url": "http://www.microsoft.com/japan/technet/security/bulletin/MS99-027.mspx"
},
{
"title": "Microsoft Exchange Server Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=113230"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-1999-000027"
},
{
"db": "CNNVD",
"id": "CNNVD-199908-009"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-DesignError",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-1999-000027"
},
{
"db": "NVD",
"id": "CVE-1999-0682"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://www.securityfocus.com/bid/567"
},
{
"trust": 2.6,
"url": "http://www.ciac.org/ciac/bulletins/j-056.shtml"
},
{
"trust": 2.6,
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-027"
},
{
"trust": 2.0,
"url": "http://support.microsoft.com/default.aspx?scid=kb%3b%5bln%5d%3bq237927"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-1999-0682"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-1999-0682"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/5213"
},
{
"trust": 0.6,
"url": "http://support.microsoft.com/default.aspx?scid=kb;[ln];q237927"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms99-027.asp"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/technet/security/bulletin/fq99-027.asp"
},
{
"trust": 0.3,
"url": "http://home.win2000archives.com/2000/bugs/ms_exchange__9.html"
},
{
"trust": 0.3,
"url": "http://support.microsoft.com/support/kb/articles/q282/0/92.asp"
},
{
"trust": 0.3,
"url": "http://support.microsoft.com/support/kb/articles/q237/9/27.asp"
}
],
"sources": [
{
"db": "BID",
"id": "5213"
},
{
"db": "BID",
"id": "567"
},
{
"db": "JVNDB",
"id": "JVNDB-1999-000027"
},
{
"db": "CNNVD",
"id": "CNNVD-199908-009"
},
{
"db": "NVD",
"id": "CVE-1999-0682"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "5213"
},
{
"db": "BID",
"id": "567"
},
{
"db": "JVNDB",
"id": "JVNDB-1999-000027"
},
{
"db": "CNNVD",
"id": "CNNVD-199908-009"
},
{
"db": "NVD",
"id": "CVE-1999-0682"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-07-12T00:00:00",
"db": "BID",
"id": "5213"
},
{
"date": "1999-08-06T00:00:00",
"db": "BID",
"id": "567"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-1999-000027"
},
{
"date": "1999-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-199908-009"
},
{
"date": "1999-08-06T04:00:00",
"db": "NVD",
"id": "CVE-1999-0682"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-07-12T00:00:00",
"db": "BID",
"id": "5213"
},
{
"date": "1999-08-06T00:00:00",
"db": "BID",
"id": "567"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-1999-000027"
},
{
"date": "2020-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-199908-009"
},
{
"date": "2024-11-20T23:29:13.333000",
"db": "NVD",
"id": "CVE-1999-0682"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "5213"
},
{
"db": "BID",
"id": "567"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft Exchange Server Vulnerabilities used as relay points for email",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-1999-000027"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-199908-009"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.