Vulnerability-Lookup

CVE-2015-4278 (GCVE-0-2015-4278)

Vulnerability from cvelistv5 – Published: 2015-07-16 19:00 – Updated: 2024-08-06 06:11

Summary

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

GHSA-J467-JVCH-4WXP

Vulnerability from github – Published: 2022-05-14 02:13 – Updated: 2022-05-14 02:13

Details

Show details on source website

JSON

To clipboard Create KEV Entry

{
  "affected": [],
  "aliases": [
    "CVE-2015-4278"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-07-16T19:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Cisco Email Security Appliance (ESA) devices with software 8.5.6-106 and 9.5.0-201 allow remote attackers to cause a denial of service (per-domain e-mail reception outage) by placing malformed DMARC policy data in DNS TXT records for a domain, aka Bug ID CSCuv14806.",
  "id": "GHSA-j467-jvch-4wxp",
  "modified": "2022-05-14T02:13:10Z",
  "published": "2022-05-14T02:13:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4278"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39940"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032961"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2015-4278

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2015-4278

Aliases

CVE-2015-4278

JSON

To clipboard Create KEV Entry

{
  "GSD": {
    "alias": "CVE-2015-4278",
    "description": "Cisco Email Security Appliance (ESA) devices with software 8.5.6-106 and 9.5.0-201 allow remote attackers to cause a denial of service (per-domain e-mail reception outage) by placing malformed DMARC policy data in DNS TXT records for a domain, aka Bug ID CSCuv14806.",
    "id": "GSD-2015-4278"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-4278"
      ],
      "details": "Cisco Email Security Appliance (ESA) devices with software 8.5.6-106 and 9.5.0-201 allow remote attackers to cause a denial of service (per-domain e-mail reception outage) by placing malformed DMARC policy data in DNS TXT records for a domain, aka Bug ID CSCuv14806.",
      "id": "GSD-2015-4278",
      "modified": "2023-12-13T01:19:59.816862Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2015-4278",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cisco Email Security Appliance (ESA) devices with software 8.5.6-106 and 9.5.0-201 allow remote attackers to cause a denial of service (per-domain e-mail reception outage) by placing malformed DMARC policy data in DNS TXT records for a domain, aka Bug ID CSCuv14806."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20150715 Cisco Email Security Appliance Malformed DMARC Policy Records File Modification Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39940"
          },
          {
            "name": "1032961",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1032961"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:email_security_appliance_firmware:9.5.0-201:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:email_security_appliance_firmware:8.5.6-106:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-4278"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cisco Email Security Appliance (ESA) devices with software 8.5.6-106 and 9.5.0-201 allow remote attackers to cause a denial of service (per-domain e-mail reception outage) by placing malformed DMARC policy data in DNS TXT records for a domain, aka Bug ID CSCuv14806."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150715 Cisco Email Security Appliance Malformed DMARC Policy Records File Modification Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39940"
            },
            {
              "name": "1032961",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1032961"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-30T16:27Z",
      "publishedDate": "2015-07-16T19:59Z"
    }
  }
}

CNVD-2015-04960

Vulnerability from cnvd - Published: 2015-07-28

Title

Cisco Email Security Appliance DMARC策略处理远程拒绝服务漏洞

Description

Cisco Email Security Appliance是广泛使用的邮件加密网关，能够无缝地完成机密电子邮件的加密、解密和数字签名工作。 Cisco Email Security Appliance存在安全漏洞，允许远程用户生成特制的DMARC策略记录，当目标设备处理时，可导致设备停止接收使用特制DMARC策略记录域的EMAIL消息。

Severity

中

Patch Name

Cisco Email Security Appliance DMARC策略处理远程拒绝服务漏洞的补丁

Patch Description

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： http://tools.cisco.com/security/center/viewAlert.x?alertId=39940

Reference

http://tools.cisco.com/security/center/viewAlert.x?alertId=39940

Impacted products

Name
['Cisco Email Security Appliance (ESA) 8.5.6-106', 'Cisco Email Security Appliance (ESA) 9.5 .0-201']

Show details on source website

JSON

To clipboard Create KEV Entry

{
  "bids": {
    "bid": {
      "bidNumber": "75920"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-4278"
    }
  },
  "description": "Cisco Email Security Appliance\u662f\u5e7f\u6cdb\u4f7f\u7528\u7684\u90ae\u4ef6\u52a0\u5bc6\u7f51\u5173\uff0c\u80fd\u591f\u65e0\u7f1d\u5730\u5b8c\u6210\u673a\u5bc6\u7535\u5b50\u90ae\u4ef6\u7684\u52a0\u5bc6\u3001\u89e3\u5bc6\u548c\u6570\u5b57\u7b7e\u540d\u5de5\u4f5c\u3002\r\n\r\nCisco Email Security Appliance\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u7528\u6237\u751f\u6210\u7279\u5236\u7684DMARC\u7b56\u7565\u8bb0\u5f55\uff0c\u5f53\u76ee\u6807\u8bbe\u5907\u5904\u7406\u65f6\uff0c\u53ef\u5bfc\u81f4\u8bbe\u5907\u505c\u6b62\u63a5\u6536\u4f7f\u7528\u7279\u5236DMARC\u7b56\u7565\u8bb0\u5f55\u57df\u7684EMAIL\u6d88\u606f\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://tools.cisco.com/security/center/viewAlert.x?alertId=39940",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-04960",
  "openTime": "2015-07-28",
  "patchDescription": "Cisco Email Security Appliance\u662f\u5e7f\u6cdb\u4f7f\u7528\u7684\u90ae\u4ef6\u52a0\u5bc6\u7f51\u5173\uff0c\u80fd\u591f\u65e0\u7f1d\u5730\u5b8c\u6210\u673a\u5bc6\u7535\u5b50\u90ae\u4ef6\u7684\u52a0\u5bc6\u3001\u89e3\u5bc6\u548c\u6570\u5b57\u7b7e\u540d\u5de5\u4f5c\u3002\r\n\r\nCisco Email Security Appliance\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u7528\u6237\u751f\u6210\u7279\u5236\u7684DMARC\u7b56\u7565\u8bb0\u5f55\uff0c\u5f53\u76ee\u6807\u8bbe\u5907\u5904\u7406\u65f6\uff0c\u53ef\u5bfc\u81f4\u8bbe\u5907\u505c\u6b62\u63a5\u6536\u4f7f\u7528\u7279\u5236DMARC\u7b56\u7565\u8bb0\u5f55\u57df\u7684EMAIL\u6d88\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Email Security Appliance DMARC\u7b56\u7565\u5904\u7406\u8fdc\u7a0b\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Email Security Appliance (ESA) 8.5.6-106",
      "Cisco Email Security Appliance (ESA) 9.5 .0-201"
    ]
  },
  "referenceLink": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39940",
  "serverity": "\u4e2d",
  "submitTime": "2015-07-20",
  "title": "Cisco Email Security Appliance DMARC\u7b56\u7565\u5904\u7406\u8fdc\u7a0b\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

FKIE_CVE-2015-4278

Vulnerability from fkie_nvd - Published: 2015-07-16 19:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/viewAlert.x?alertId=39940	Vendor Advisory
psirt@cisco.com	http://www.securitytracker.com/id/1032961
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/viewAlert.x?alertId=39940	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032961

Impacted products

	Vendor	Product	Version
	cisco	email_security_appliance_firmware	8.5.6-106
	cisco	email_security_appliance_firmware	9.5.0-201

JSON

To clipboard Create KEV Entry

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:email_security_appliance_firmware:8.5.6-106:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F5840E-51CB-4561-BD87-09D7806EA016",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:email_security_appliance_firmware:9.5.0-201:*:*:*:*:*:*:*",
              "matchCriteriaId": "2992DB06-93A8-43B4-8BC7-B79DED718869",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco Email Security Appliance (ESA) devices with software 8.5.6-106 and 9.5.0-201 allow remote attackers to cause a denial of service (per-domain e-mail reception outage) by placing malformed DMARC policy data in DNS TXT records for a domain, aka Bug ID CSCuv14806."
    },
    {
      "lang": "es",
      "value": "Los dispositivos Cisco Email Security Appliance (ESA) con software 8.5.6-106 y 9.5.0-201 permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (corte de recepci\u00f3n del e-mail por dominio) insertando datos de pol\u00edtica DMARC manipulados en registros de texto DNS para un dominio, tambi\u00e9n conocido como Bug ID CSCuv14806."
    }
  ],
  "id": "CVE-2015-4278",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-07-16T19:59:03.757",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39940"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1032961"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39940"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032961"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201507-0507

Vulnerability from variot - Updated: 2025-04-13 23:29

Cisco Email Security Appliance (ESA) devices with software 8.5.6-106 and 9.5.0-201 allow remote attackers to cause a denial of service (per-domain e-mail reception outage) by placing malformed DMARC policy data in DNS TXT records for a domain, aka Bug ID CSCuv14806. Cisco Email Security Appliance is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the affected application to stop receiving email messages, resulting in a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCuv14806. The appliance offers spam protection, email encryption, data loss prevention, and more

Show details on source website

JSON

To clipboard Create KEV Entry

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201507-0507",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 2.5,
        "vendor": "cisco",
        "version": "9.5.0-201"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 2.5,
        "vendor": "cisco",
        "version": "8.5.6-106"
      },
      {
        "model": "e email security the appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "none"
      },
      {
        "model": "e email security the appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "software  8.5.6-106"
      },
      {
        "model": "e email security the appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "software  9.5.0-201"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "75920"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003857"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-635"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4278"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:cisco:email_security_appliance",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003857"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "75920"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-4278",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2015-4278",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-82239",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-4278",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-4278",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201507-635",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-82239",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82239"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003857"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-635"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4278"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Email Security Appliance (ESA) devices with software 8.5.6-106 and 9.5.0-201 allow remote attackers to cause a denial of service (per-domain e-mail reception outage) by placing malformed DMARC policy data in DNS TXT records for a domain, aka Bug ID CSCuv14806. Cisco Email Security Appliance is prone to a remote denial-of-service vulnerability. \nAn attacker can exploit this issue to cause the affected application to stop receiving email messages, resulting in a denial-of-service condition. \nThis issue is being tracked by Cisco Bug ID CSCuv14806. The appliance offers spam protection, email encryption, data loss prevention, and more",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-4278"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003857"
      },
      {
        "db": "BID",
        "id": "75920"
      },
      {
        "db": "VULHUB",
        "id": "VHN-82239"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-4278",
        "trust": 2.8
      },
      {
        "db": "SECTRACK",
        "id": "1032961",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003857",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-635",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "75920",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-82239",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82239"
      },
      {
        "db": "BID",
        "id": "75920"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003857"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-635"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4278"
      }
    ]
  },
  "id": "VAR-201507-0507",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82239"
      }
    ],
    "trust": 0.53892258
  },
  "last_update_date": "2025-04-13T23:29:33.247000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "39940",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39940"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003857"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82239"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003857"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4278"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39940"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1032961"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4278"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4278"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/c/en/us/products/security/email-security-appliance/index.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82239"
      },
      {
        "db": "BID",
        "id": "75920"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003857"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-635"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4278"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-82239"
      },
      {
        "db": "BID",
        "id": "75920"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003857"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-635"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4278"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-07-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-82239"
      },
      {
        "date": "2015-07-15T00:00:00",
        "db": "BID",
        "id": "75920"
      },
      {
        "date": "2015-07-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003857"
      },
      {
        "date": "2015-07-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201507-635"
      },
      {
        "date": "2015-07-16T19:59:03.757000",
        "db": "NVD",
        "id": "CVE-2015-4278"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-82239"
      },
      {
        "date": "2015-07-15T00:00:00",
        "db": "BID",
        "id": "75920"
      },
      {
        "date": "2015-07-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003857"
      },
      {
        "date": "2015-07-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201507-635"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2015-4278"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-635"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco E Email Security Service disruption in appliance device software  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003857"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-635"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-4278 (GCVE-0-2015-4278)

GHSA-J467-JVCH-4WXP

GSD-2015-4278

CNVD-2015-04960

FKIE_CVE-2015-4278

VAR-201507-0507

Tags

Sightings

Nomenclature