Cisco Bug: CSCzv93864 - Cisco IronPort ESA Subject header length DoS Vulnerability
Feb 14, 2018
- Cisco Email Security Appliance
Known Affected Releases
7.1.3-012 7.5.0-327 7.5.2-000 7.6.0-000 8.0.0-000
Symptom: A vulnerability in Subject header length processing on Cisco IronPort ESA could allow an unauthenticated, remote attacker to cause a Denial of Service (DoS) condition on an affected platform. The vulnerability is due to a lack of limiting length of Subject Header that the user can generate and send in an email through IronPort ESA appliance.. An attacker could exploit this vulnerability by sending a number of crafted messages across ESA appliance and observe high CPU condition and DoS condition eventually.. An exploit could allow the attacker to cause a Denial of Service (DoS) condition on an affected platform Conditions: Such message causes set of issues (if accepted by the ESA). 1. If such message gets quarantined, then it prevents admin user from normal management of this quarantine. Each operation in quarantine (each request) is time consuming and takes a lot of resources at the client''s side(browser). 2. An attempt to open(view) such message in quarantine is very expensive operation, because ESA returns full subject and browser renders it on the page. 3. A number of such messages can cause ESA to constantly use 99% CPU. CLI be be unresponsive while these messages are in the workqueue, also ESA can''t accept other messages at this time.
Related Community Discussions
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases