[JAMES-535] Denial of service (CPU consumption) via a long argument to the MAIL command. - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 2.2.0, 2.3.0
Fix Version/s: 2.3.0
Component/s: SMTPServer
Labels:
None

Description

The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.

See:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2806

Attachments

Activity

People

Assignee:: Noel J. Bergman

Reporter:: Norman Maurer

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 15/Jun/06 15:54

Updated:: 21/Nov/07 08:31

Resolved:: 16/Jun/06 04:02