Lucene search

[email protected]CVE-2004-1312

HistoryJan 06, 2005 - 5:00 a.m.

CVE-2004-1312

2005-01-0605:00:00

[email protected]

web.nvd.nist.gov

html parser

microsoft

library

remote attackers

denial of service

gfi mailessentials

gfi mailsecurity

exchange

nvd

cve-2004-1312

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.6 Medium

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.6%

JSON

A bug in the HTML parser in a certain Microsoft HTML library, as used in various third party products, may allow remote attackers to cause a denial of service via certain strings, as reported in GFI MailEssentials for Exchange 9 and 10, and GFI MailSecurity for Exchange 8, which causes emails to remain in IIS or Exchange mail queues.

Affected configurations

NVD

Node

gfimailessentialsMatch9.0exchange_smtp

gfimailessentialsMatch10.0exchange_smtp

gfimailessentialsMatch10.1exchange_smtp

gfimailsecurityMatch8.0exchange_smtp

CPENameOperatorVersion
gfi:mailessentialsgfi mailessentialseq9.0
gfi:mailessentialsgfi mailessentialseq10.0
gfi:mailessentialsgfi mailessentialseq10.1
gfi:mailsecuritygfi mailsecurityeq8.0

CPE	Name	Operator	Version
gfi:mailessentials	gfi mailessentials	eq	9.0
gfi:mailessentials	gfi mailessentials	eq	10.0
gfi:mailessentials	gfi mailessentials	eq	10.1
gfi:mailsecurity	gfi mailsecurity	eq	8.0

References

kbase.gfi.com/showarticle.asp?id=KBID002249

secunia.com/advisories/13708

www.csis.dk/default.asp?m=1&a=194

www.securityfocus.com/bid/12148

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.6 Medium

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.6%

JSON

Related for CVE-2004-1312

securityvulns1 cvelist1 nvd1