5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.007 Low
EPSS
Percentile
80.1%
Microsoft Exchange 2000 contains a vulnerability that allows remote attackers to conduct a denial-of-service attack that once begun, cannot be stopped until the crafted message has been completely processed.
Microsoft Exchange 2000 contains a vulnerability in its handling of RFC2822 message headers. If an attacker connects directly to the Exchange server and submits a crafted message containing certain invalid headers, Exchange will consume all available CPU resources to process the message. Due to the way that messages are queued on the Exchange server, restarting the Exchange service or rebooting the server will not remove the message from the queue; it must be completely processed before the server can process any other requests.
Attackers can conduct a denial-of-service attack that once begun, cannot be stopped until the crafted message has been completely processed.
Apply a patch from your vendor
Microsoft has released Microsoft Security Bulletin MS02-025 to address this issue. For more information, please see
http://www.microsoft.com/technet/security/bulletin/ms02-025.asp
779163
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: May 29, 2002 Updated: June 05, 2002
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Microsoft has released Microsoft Security Bulletin MS02-025 to address this issue. For more information, please see
http://www.microsoft.com/technet/security/bulletin/ms02-025.asp
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23779163 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This vulnerability was discovered by researchers at the Johannes Gutenberg University in Mainz, Germany.
This document was written by Jeffrey P. Lanza based on information provided by Microsoft.
CVE IDs: | CVE-2002-0368 |
---|---|
Severity Metric: | 6.30 Date Public: |