Lucene search

CiscoCVE-2015-6291

HistoryNov 06, 2015 - 3:59 a.m.

CVE-2015-6291

2015-11-0603:59:00

CWE-20

cisco

web.nvd.nist.gov

cve-2015-6291

cisco asyncos

email security appliance

esa

denial of service

bug id

cscuv47151

nvd

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

AI Score

6.8

Confidence

Low

EPSS

0.002

Percentile

56.0%

JSON

Cisco AsyncOS before 8.5.7-043, 9.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-046 on Email Security Appliance (ESA) devices mishandles malformed fields during body-contains, attachment-contains, every-attachment-contains, attachment-binary-contains, dictionary-match, and attachment-dictionary-match filtering, which allows remote attackers to cause a denial of service (memory consumption) via a crafted attachment in an e-mail message, aka Bug ID CSCuv47151.

Affected configurations

Nvd

Node

ciscoemail_security_applianceMatch7.7.0-000

ciscoemail_security_applianceMatch7.7.1-000

ciscoemail_security_applianceMatch8.0_base

ciscoemail_security_applianceMatch8.5.6-052

ciscoemail_security_applianceMatch8.5.6-073

ciscoemail_security_applianceMatch8.5.6-074

ciscoemail_security_applianceMatch8.5.6-106

ciscoemail_security_applianceMatch8.5.6-113

ciscoemail_security_applianceMatch8.5.7-042

ciscoemail_security_applianceMatch8.5_base

ciscoemail_security_applianceMatch9.0.0

ciscoemail_security_applianceMatch9.0.0-212

ciscoemail_security_applianceMatch9.0.0-461

ciscoemail_security_applianceMatch9.0.5-000

ciscoemail_security_applianceMatch9.1.0-032

ciscoemail_security_applianceMatch9.6.0-042

VendorProductVersionCPE
ciscoemail_security_appliance7.7.0-000cpe:2.3:a:cisco:email_security_appliance:7.7.0-000:*:*:*:*:*:*:*
ciscoemail_security_appliance7.7.1-000cpe:2.3:a:cisco:email_security_appliance:7.7.1-000:*:*:*:*:*:*:*
ciscoemail_security_appliance8.0_basecpe:2.3:a:cisco:email_security_appliance:8.0_base:*:*:*:*:*:*:*
ciscoemail_security_appliance8.5.6-052cpe:2.3:a:cisco:email_security_appliance:8.5.6-052:*:*:*:*:*:*:*
ciscoemail_security_appliance8.5.6-073cpe:2.3:a:cisco:email_security_appliance:8.5.6-073:*:*:*:*:*:*:*
ciscoemail_security_appliance8.5.6-074cpe:2.3:a:cisco:email_security_appliance:8.5.6-074:*:*:*:*:*:*:*
ciscoemail_security_appliance8.5.6-106cpe:2.3:a:cisco:email_security_appliance:8.5.6-106:*:*:*:*:*:*:*
ciscoemail_security_appliance8.5.6-113cpe:2.3:a:cisco:email_security_appliance:8.5.6-113:*:*:*:*:*:*:*
ciscoemail_security_appliance8.5.7-042cpe:2.3:a:cisco:email_security_appliance:8.5.7-042:*:*:*:*:*:*:*
ciscoemail_security_appliance8.5_basecpe:2.3:a:cisco:email_security_appliance:8.5_base:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	email_security_appliance	7.7.0-000	cpe:2.3:a:cisco:email_security_appliance:7.7.0-000:::::::*
cisco	email_security_appliance	7.7.1-000	cpe:2.3:a:cisco:email_security_appliance:7.7.1-000:::::::*
cisco	email_security_appliance	8.0_base	cpe:2.3:a:cisco:email_security_appliance:8.0_base:::::::*
cisco	email_security_appliance	8.5.6-052	cpe:2.3:a:cisco:email_security_appliance:8.5.6-052:::::::*
cisco	email_security_appliance	8.5.6-073	cpe:2.3:a:cisco:email_security_appliance:8.5.6-073:::::::*
cisco	email_security_appliance	8.5.6-074	cpe:2.3:a:cisco:email_security_appliance:8.5.6-074:::::::*
cisco	email_security_appliance	8.5.6-106	cpe:2.3:a:cisco:email_security_appliance:8.5.6-106:::::::*
cisco	email_security_appliance	8.5.6-113	cpe:2.3:a:cisco:email_security_appliance:8.5.6-113:::::::*
cisco	email_security_appliance	8.5.7-042	cpe:2.3:a:cisco:email_security_appliance:8.5.7-042:::::::*
cisco	email_security_appliance	8.5_base	cpe:2.3:a:cisco:email_security_appliance:8.5_base:::::::*