Guest

Preview Tool

Cisco Bug: CSCzv93864 - Cisco IronPort ESA Subject header length DoS Vulnerability

Last Modified

Feb 14, 2018

Products (1)

  • Cisco Email Security Appliance

Known Affected Releases

7.1.3-012 7.5.0-327 7.5.2-000 7.6.0-000 8.0.0-000

Description (partial)

Symptom:
A vulnerability in Subject header length processing on Cisco IronPort ESA could allow an unauthenticated, remote attacker to cause a Denial of 
Service (DoS) condition on an affected platform.

The vulnerability is due to a lack of limiting length of Subject Header that the user can generate and send in an email through IronPort ESA 
appliance.. An attacker could exploit this vulnerability by sending a number of crafted messages across ESA appliance and observe high CPU 
condition and DoS condition eventually.. An exploit could allow the attacker to cause a Denial of Service (DoS) condition on an affected platform

Conditions:
Such message causes set of issues (if accepted by the ESA).

1. If such message gets quarantined, then it prevents admin user from normal
management of this quarantine.

Each operation in quarantine (each request) is time consuming and takes a lot of resources at the client''s side(browser).

2. An attempt to open(view) such message in quarantine is very expensive operation, because ESA returns full subject and browser renders it on the page.

3. A number of such messages can cause ESA to constantly use 99% CPU. CLI be be unresponsive while these
messages are in the workqueue, also ESA can''t accept other messages at this time.

Related Community Discussions

GD Availability of AsyncOS 8.5.7-042 for ESA
Cisco is pleased to announce the General Deployment (GD) milestone for 8.5.7-042 for Email.  This release applies to all our Email Security Appliances (ESA)[C-Series, X-Series, and all virtual appliances].   Short list of defects fixed in AsyncOS 8.5.7 for Email CSCus99228:  Hermes crash and scan failures, lzw.c 64bit defect CSCuf90996:  Hermes crash while writing out mid_map.chk CSCum48306:  Delivery Logs on the ESA and CPQ on the SMA causing Application Faults CSCup15937:  Mercury go network dead ...
Latest activity: Jun 16, 2015
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.