Issue Details

Key: JAMES-535
Type: Bug
Status: Closed
Resolution: Fixed
Priority: Critical
Assignee: Noel J. Bergman
Reporter: Norman Maurer
Votes: 0
Watchers: 0

JAMES Server

Denial of service (CPU consumption) via a long argument to the MAIL command.

Created: 15/Jun/06 03:54 PM   Updated: 21/Nov/07 08:31 AM
Component/s: SMTPServer
Affects Version/s: 2.2.0, 2.3.0
Fix Version/s: 2.3.0

Time Tracking:
Not Specified

Resolution Date: 16/Jun/06 04:02 AM


Description
The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.

See:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2806


Subversion Commits
Repository Revision Date User Message
ASF #414436 Thu Jun 15 02:00:50 UTC 2006 noel Quick fix for CVE-2006-2806 / JAMES-535
Files Changed
MODIFY /james/server/trunk/src/java/org/apache/james/util/CRLFTerminatedReader.java
MODIFY /james/server/trunk/src/java/org/apache/james/smtpserver/SMTPHandler.java

ASF #414677 Thu Jun 15 20:41:45 UTC 2006 noel Quick fix for CVE-2006-2806 / JAMES-535
Files Changed
MODIFY /james/server/branches/v2.3/src/java/org/apache/james/smtpserver/SMTPHandler.java

ASF #414680 Thu Jun 15 20:44:47 UTC 2006 noel Copy part of a quick fix for CVE-2006-2806 / JAMES-535 from trunk
Files Changed
ADD /james/server/branches/v2.3/src/java/org/apache/james/util/CRLFTerminatedReader.java (from /james/server/trunk/src/java/org/apache/james/util/CRLFTerminatedReader.java)