Ubuntu.comUB:CVE-2016-1405CVE-2016-1405
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.016 Low
EPSS
Percentile
87.6%
libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware
Protection (AMP) on Cisco Email Security Appliance (ESA) devices before
9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and
9.1.x before 9.1.1-041, allows remote attackers to cause a denial of
service (AMP process restart) via a crafted document, aka Bug IDs
CSCuv78533 and CSCuw60503.
Notes
| Author | Note |
|---|---|
| mdeslaur | no details as to what the fix is as of 2016-07-12 |
| ratliff | still no details as to what the fix is as of 2016-08-31 |
References
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160531-wsa-esa
github.com/vrtadmin/clamav-devel/blob/master/ChangeLog
launchpad.net/bugs/cve/CVE-2016-1405
nvd.nist.gov/vuln/detail/CVE-2016-1405
security-tracker.debian.org/tracker/CVE-2016-1405
ubuntu.com/security/notices/USN-3093-1
www.cve.org/CVERecord?id=CVE-2016-1405
Related
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.016 Low
EPSS
Percentile
87.6%