CVE-2001-0660

Published Oct 30, 2001

Last updated 12 days ago

CVSS info 5.0

Overview

Description
Outlook Web Access (OWA) in Microsoft Exchange 5.5, SP4 and earlier, allows remote attackers to identify valid user email addresses by directly accessing a back-end function that processes the global address list (GAL).
Source
cve@mitre.org
NVD status
Modified
Products
exchange_server

Risk scores

CVSS 2.0

Type
Primary
Base score
5
Impact score
2.9
Exploitability score
10
Vector string
AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov
NVD-CWE-Other

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.CVE-2026-21527
  2. User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.CVE-2025-64667
  3. Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.CVE-2025-64666
  4. Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.CVE-2025-59249
  5. Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.CVE-2025-59248

References

Sources include official advisories and independent security research.