Details of VAR-200606-0421

ID

VAR-200606-0421

CVE

CVE-2006-2806

TITLE

Apache James SMTP Remotely Extra long data Denial of service vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200606-102

DESCRIPTION

The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command. Apache James is prone to a remote denial-of-service vulnerability. This issue is due to the application's failure to efficiently handle malformed SMTP commands. This issue allows remote attackers to consume excessive CPU resources of affected computers, potentially denying service to legitimate users. Apache James version 2.2.0 is vulnerable to this issue; other versions may also be affected

Trust: 1.26

sources: NVD: CVE-2006-2806 // BID: 18138 // VULMON: CVE-2006-2806

AFFECTED PRODUCTS

vendor:	apache	model:	james	scope:	eq	version:	2.2.0	Trust: 1.6
vendor:	apache	model:	software foundation james	scope:	eq	version:	2.2	Trust: 0.3

sources: BID: 18138 // CNNVD: CNNVD-200606-102 // NVD: CVE-2006-2806

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-2806
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200606-102
value:	HIGH
Trust: 0.6
VULMON:	CVE-2006-2806
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2006-2806
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1

sources: VULMON: CVE-2006-2806 // CNNVD: CNNVD-200606-102 // NVD: CVE-2006-2806

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-2806

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200606-102

TYPE

Design Error

Trust: 0.9

sources: BID: 18138 // CNNVD: CNNVD-200606-102

EXTERNAL IDS

db:	BID	id:	18138	Trust: 2.0
db:	NVD	id:	CVE-2006-2806	Trust: 2.0
db:	SREASON	id:	1038	Trust: 1.7
db:	BUGTRAQ	id:	20060528 JAMES 2.2.0	Trust: 0.6
db:	XF	id:	26786	Trust: 0.6
db:	CNNVD	id:	CNNVD-200606-102	Trust: 0.6
db:	VULMON	id:	CVE-2006-2806	Trust: 0.1

sources: VULMON: CVE-2006-2806 // BID: 18138 // CNNVD: CNNVD-200606-102 // NVD: CVE-2006-2806

REFERENCES

url:	http://www.securityfocus.com/bid/18138	Trust: 1.8
url:	http://advisories.echo.or.id/adv/adv31-y3dips-2006.txt	Trust: 1.7
url:	http://securityreason.com/securityalert/1038	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/435278/100/0/threaded	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/26786	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/archive/1/435278/100/0/threaded	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/26786	Trust: 0.6
url:	http://james.apache.org/index.html	Trust: 0.3
url:	/archive/1/435278	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2006-2806 // BID: 18138 // CNNVD: CNNVD-200606-102 // NVD: CVE-2006-2806

CREDITS

Ahmad Muammar W.K y3dips@echo.or.id

Trust: 0.6

sources: CNNVD: CNNVD-200606-102

SOURCES

db:	VULMON	id:	CVE-2006-2806
db:	BID	id:	18138
db:	CNNVD	id:	CNNVD-200606-102
db:	NVD	id:	CVE-2006-2806

LAST UPDATE DATE

2024-11-23T22:32:24.209000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2006-2806	date:	2018-10-18T00:00:00
db:	BID	id:	18138	date:	2016-02-02T20:01:00
db:	CNNVD	id:	CNNVD-200606-102	date:	2006-06-05T00:00:00
db:	NVD	id:	CVE-2006-2806	date:	2024-11-21T00:12:08.070

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2006-2806	date:	2006-06-05T00:00:00
db:	BID	id:	18138	date:	2006-05-29T00:00:00
db:	CNNVD	id:	CNNVD-200606-102	date:	2006-05-29T00:00:00
db:	NVD	id:	CVE-2006-2806	date:	2006-06-05T17:02:00