CVE-2015-6291: Input Validation

First published: Fri Nov 06 2015(Updated: )

Cisco AsyncOS before 8.5.7-043, 9.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-046 on Email Security Appliance (ESA) devices mishandles malformed fields during body-contains, attachment-contains, every-attachment-contains, attachment-binary-contains, dictionary-match, and attachment-dictionary-match filtering, which allows remote attackers to cause a denial of service (memory consumption) via a crafted attachment in an e-mail message, aka Bug ID CSCuv47151.

Credit: ykramarz@cisco.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/nvd-index
• agent/severity
• agent/references
• agent/weakness
• agent/author
• agent/description
• agent/softwarecombine
• agent/last-modified-date
• agent/first-publish-date
• agent/event
• agent/type
• agent/tags
• collector/mitre-cve
• source/MITRE
• vendor/cisco
• canonical/cisco email security appliance
• version/cisco email security appliance/7.7.0-000
• version/cisco email security appliance/7.7.1-000
• version/cisco email security appliance/8.0_base
• version/cisco email security appliance/8.5.6-052
• version/cisco email security appliance/8.5.6-073
• version/cisco email security appliance/8.5.6-074
• version/cisco email security appliance/8.5.6-106
• version/cisco email security appliance/8.5.6-113
• version/cisco email security appliance/8.5.7-042
• version/cisco email security appliance/8.5_base
• version/cisco email security appliance/9.0.0
• version/cisco email security appliance/9.0.0-212
• version/cisco email security appliance/9.0.0-461
• version/cisco email security appliance/9.0.5-000
• version/cisco email security appliance/9.1.0-032
• version/cisco email security appliance/9.6.0-042