Improper input validation in Cisco Email_security_appliance
CVE-2015-6291
Cisco AsyncOS before 8.5.7-043, 9.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-046 on Email Security Appliance (ESA) devices mishandles malformed fields during body-contains, attachment-contains, every-attachment-contains, attachme…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.004 (62.7th percentile) — read the EPSS interpretation.
Affected products
- Cisco Email_security_appliance — versions 7.7.0-000, 7.7.1-000, 8.0_base
- N/a — versions n/a
Weakness classification (CWE)
References
- 1034064 (vdb-entry, x_refsource_SECTRACK)
- 20151104 Cisco Email Security Appliance Email Scanner Denial of Service Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)