Details of VAR-200412-0673

ID

VAR-200412-0673

CVE

CVE-2004-2650

TITLE

Apache James Spooler Memory Leak Denial Of Service Vulnerability

Trust: 0.9

sources: BID: 15765 // CNNVD: CNNVD-200412-324

DESCRIPTION

Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak. James is prone to a memory leak denial of service vulnerability. This issue occurs during an error condition in the spooler. An attacker can exploit this issue by creating multiple error conditions and eventually consume system resources. Successful exploitation will ultimately crash the application denying service to legitimate users

Trust: 1.17

sources: NVD: CVE-2004-2650 // BID: 15765

AFFECTED PRODUCTS

vendor:	apache	model:	james	scope:	eq	version:	2.2.0	Trust: 1.6
vendor:	apache	model:	james	scope:	eq	version:	2.2	Trust: 0.3

sources: BID: 15765 // CNNVD: CNNVD-200412-324 // NVD: CVE-2004-2650

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-2650
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200412-324
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2004-2650
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0

sources: CNNVD: CNNVD-200412-324 // NVD: CVE-2004-2650

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-2650

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-200412-324

TYPE

Design Error

Trust: 0.9

sources: BID: 15765 // CNNVD: CNNVD-200412-324

EXTERNAL IDS

db:	BID	id:	15765	Trust: 1.9
db:	NVD	id:	CVE-2004-2650	Trust: 1.6
db:	NSFOCUS	id:	8315	Trust: 0.6
db:	CNNVD	id:	CNNVD-200412-324	Trust: 0.6

sources: BID: 15765 // CNNVD: CNNVD-200412-324 // NVD: CVE-2004-2650

REFERENCES

url:	http://james.apache.org/changelog.html	Trust: 1.9
url:	http://issues.apache.org/jira/browse/james-268	Trust: 1.9
url:	http://www.securityfocus.com/bid/15765	Trust: 1.6
url:	http://www.nsfocus.net/vulndb/8315	Trust: 0.6
url:	http://james.apache.org/index.html	Trust: 0.3

sources: BID: 15765 // CNNVD: CNNVD-200412-324 // NVD: CVE-2004-2650

CREDITS

Noel J. Bergman

Trust: 0.6

sources: CNNVD: CNNVD-200412-324

SOURCES

db:	BID	id:	15765
db:	CNNVD	id:	CNNVD-200412-324
db:	NVD	id:	CVE-2004-2650

LAST UPDATE DATE

2024-08-14T15:25:42.440000+00:00

SOURCES UPDATE DATE

db:	BID	id:	15765	date:	2005-12-07T00:00:00
db:	CNNVD	id:	CNNVD-200412-324	date:	2006-01-19T00:00:00
db:	NVD	id:	CVE-2004-2650	date:	2008-09-05T20:44:44.107

SOURCES RELEASE DATE

db:	BID	id:	15765	date:	2005-12-07T00:00:00
db:	CNNVD	id:	CNNVD-200412-324	date:	2004-12-31T00:00:00
db:	NVD	id:	CVE-2004-2650	date:	2004-12-31T05:00:00