Lucene search

[email protected]CVE-2015-6291

HistoryNov 06, 2015 - 3:59 a.m.

CVE-2015-6291

2015-11-0603:59:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2015-6291

cisco asyncos

email security appliance

esa

denial of service

bug id

cscuv47151

nvd

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

6.8 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

56.2%

JSON

Cisco AsyncOS before 8.5.7-043, 9.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-046 on Email Security Appliance (ESA) devices mishandles malformed fields during body-contains, attachment-contains, every-attachment-contains, attachment-binary-contains, dictionary-match, and attachment-dictionary-match filtering, which allows remote attackers to cause a denial of service (memory consumption) via a crafted attachment in an e-mail message, aka Bug ID CSCuv47151.

Affected configurations

NVD

Node

ciscoemail_security_applianceMatch7.7.0-000

ciscoemail_security_applianceMatch7.7.1-000

ciscoemail_security_applianceMatch8.0_base

ciscoemail_security_applianceMatch8.5.6-052

ciscoemail_security_applianceMatch8.5.6-073

ciscoemail_security_applianceMatch8.5.6-074

ciscoemail_security_applianceMatch8.5.6-106

ciscoemail_security_applianceMatch8.5.6-113

ciscoemail_security_applianceMatch8.5.7-042

ciscoemail_security_applianceMatch8.5_base

ciscoemail_security_applianceMatch9.0.0

ciscoemail_security_applianceMatch9.0.0-212

ciscoemail_security_applianceMatch9.0.0-461

ciscoemail_security_applianceMatch9.0.5-000

ciscoemail_security_applianceMatch9.1.0-032

ciscoemail_security_applianceMatch9.6.0-042

CPENameOperatorVersion
cisco:email_security_appliancecisco email security applianceeq7.7.0-000
cisco:email_security_appliancecisco email security applianceeq7.7.1-000
cisco:email_security_appliancecisco email security applianceeq8.0_base
cisco:email_security_appliancecisco email security applianceeq8.5.6-052
cisco:email_security_appliancecisco email security applianceeq8.5.6-073
cisco:email_security_appliancecisco email security applianceeq8.5.6-074
cisco:email_security_appliancecisco email security applianceeq8.5.6-106
cisco:email_security_appliancecisco email security applianceeq8.5.6-113
cisco:email_security_appliancecisco email security applianceeq8.5.7-042
cisco:email_security_appliancecisco email security applianceeq8.5_base

CPE	Name	Operator	Version
cisco:email_security_appliance	cisco email security appliance	eq	7.7.0-000
cisco:email_security_appliance	cisco email security appliance	eq	7.7.1-000
cisco:email_security_appliance	cisco email security appliance	eq	8.0_base
cisco:email_security_appliance	cisco email security appliance	eq	8.5.6-052
cisco:email_security_appliance	cisco email security appliance	eq	8.5.6-073
cisco:email_security_appliance	cisco email security appliance	eq	8.5.6-074
cisco:email_security_appliance	cisco email security appliance	eq	8.5.6-106
cisco:email_security_appliance	cisco email security appliance	eq	8.5.6-113
cisco:email_security_appliance	cisco email security appliance	eq	8.5.7-042
cisco:email_security_appliance	cisco email security appliance	eq	8.5_base