Cisco Bug: CSCvs73812 - Additional characters in From header with multiple email address bypass FED
Mar 02, 2020
- Cisco Email Security Appliance
Known Affected Releases
Symptom: From headers containing multiple email addresses with additional characters are not detected as FED violations. With a dictionary containing the term "Patrick Koller" is used, the following headers will not be detected as a FED violation: From: "email@example.com VNM" <firstname.lastname@example.org> From: "email@example.com A" <firstname.lastname@example.org> While the below would trigger as expected. From: "email@example.com" <firstname.lastname@example.org> From: "patrick koller VNM" <email@example.com> Conditions: ESA with Async OS 13 configured with content filter with forged email detection condition. Email passed through the ESA with From header containing multiple email addresses and an additional character in the display name.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases