Vulnerability-Lookup

CVE-2014-8016 (GCVE-0-2014-8016)

Vulnerability from cvelistv5 – Published: 2014-12-19 02:00 – Updated: 2024-08-06 13:10

Summary

The Cisco IronPort Email Security Appliance (ESA) allows remote attackers to cause a denial of service (CPU consumption) via long Subject headers in e-mail messages, aka Bug ID CSCzv93864.

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

GSD-2014-8016

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

The Cisco IronPort Email Security Appliance (ESA) allows remote attackers to cause a denial of service (CPU consumption) via long Subject headers in e-mail messages, aka Bug ID CSCzv93864.

Aliases

CVE-2014-8016

Aliases

CVE-2014-8016

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-8016",
    "description": "The Cisco IronPort Email Security Appliance (ESA) allows remote attackers to cause a denial of service (CPU consumption) via long Subject headers in e-mail messages, aka Bug ID CSCzv93864.",
    "id": "GSD-2014-8016"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-8016"
      ],
      "details": "The Cisco IronPort Email Security Appliance (ESA) allows remote attackers to cause a denial of service (CPU consumption) via long Subject headers in e-mail messages, aka Bug ID CSCzv93864.",
      "id": "GSD-2014-8016",
      "modified": "2023-12-13T01:22:49.118475Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2014-8016",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Cisco IronPort Email Security Appliance (ESA) allows remote attackers to cause a denial of service (CPU consumption) via long Subject headers in e-mail messages, aka Bug ID CSCzv93864."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20141218 Cisco IronPort ESA Subject Header Length Denial of Service Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8016"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:ironport_email_security_appliances:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-8016"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Cisco IronPort Email Security Appliance (ESA) allows remote attackers to cause a denial of service (CPU consumption) via long Subject headers in e-mail messages, aka Bug ID CSCzv93864."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20141218 Cisco IronPort ESA Subject Header Length Denial of Service Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8016"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2014-12-19T13:50Z",
      "publishedDate": "2014-12-19T02:59Z"
    }
  }
}

GHSA-9W76-PJCW-3252

Vulnerability from github – Published: 2022-05-17 04:19 – Updated: 2022-05-17 04:19

Details

The Cisco IronPort Email Security Appliance (ESA) allows remote attackers to cause a denial of service (CPU consumption) via long Subject headers in e-mail messages, aka Bug ID CSCzv93864.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-8016"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-12-19T02:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The Cisco IronPort Email Security Appliance (ESA) allows remote attackers to cause a denial of service (CPU consumption) via long Subject headers in e-mail messages, aka Bug ID CSCzv93864.",
  "id": "GHSA-9w76-pjcw-3252",
  "modified": "2022-05-17T04:19:29Z",
  "published": "2022-05-17T04:19:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8016"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8016"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-201412-0302

Vulnerability from variot - Updated: 2025-04-12 23:32

The Cisco IronPort Email Security Appliance (ESA) allows remote attackers to cause a denial of service (CPU consumption) via long Subject headers in e-mail messages, aka Bug ID CSCzv93864. Successful exploitation of the issue will cause excessive CPU consumption, resulting in a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCzv93864. The appliance offers spam protection, email encryption, data loss prevention, and more

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201412-0302",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ironport email security appliances",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "e email security the appliance",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ironport email security appliances",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ironport email security appliance cx1070",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ironport email security appliance c670",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ironport email security appliance c370d",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ironport email security appliance c370",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ironport email security appliance c160",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ironport email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "ironport email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3"
      },
      {
        "model": "ironport email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2"
      },
      {
        "model": "ironport email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.1"
      },
      {
        "model": "ironport email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "71779"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007309"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-423"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8016"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:cisco:email_security_appliance",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007309"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "71779"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-8016",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2014-8016",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-75961",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-8016",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2014-8016",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201412-423",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-75961",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-75961"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007309"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-423"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8016"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Cisco IronPort Email Security Appliance (ESA) allows remote attackers to cause a denial of service (CPU consumption) via long Subject headers in e-mail messages, aka Bug ID CSCzv93864. \nSuccessful exploitation of the issue will cause excessive CPU consumption, resulting in a denial-of-service condition. \nThis issue is being tracked by Cisco Bug ID CSCzv93864. The appliance offers spam protection, email encryption, data loss prevention, and more",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-8016"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007309"
      },
      {
        "db": "BID",
        "id": "71779"
      },
      {
        "db": "VULHUB",
        "id": "VHN-75961"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-8016",
        "trust": 2.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007309",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-423",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "71779",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-75961",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-75961"
      },
      {
        "db": "BID",
        "id": "71779"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007309"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-423"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8016"
      }
    ]
  },
  "id": "VAR-201412-0302",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-75961"
      }
    ],
    "trust": 0.53892258
  },
  "last_update_date": "2025-04-12T23:32:52.463000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Cisco IronPort ESA Subject Header Length Denial of Service Vulnerability",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8016"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007309"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-75961"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007309"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8016"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-8016"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8016"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8016"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/c/en/us/products/security/email-security-appliance/index.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.3,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=36818"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-75961"
      },
      {
        "db": "BID",
        "id": "71779"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007309"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-423"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8016"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-75961"
      },
      {
        "db": "BID",
        "id": "71779"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007309"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-423"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8016"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-12-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-75961"
      },
      {
        "date": "2014-12-23T00:00:00",
        "db": "BID",
        "id": "71779"
      },
      {
        "date": "2014-12-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-007309"
      },
      {
        "date": "2014-12-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201412-423"
      },
      {
        "date": "2014-12-19T02:59:04.813000",
        "db": "NVD",
        "id": "CVE-2014-8016"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-12-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-75961"
      },
      {
        "date": "2014-12-23T00:00:00",
        "db": "BID",
        "id": "71779"
      },
      {
        "date": "2014-12-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-007309"
      },
      {
        "date": "2014-12-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201412-423"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2014-8016"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-423"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco IronPort Email Security Appliance Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007309"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-423"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2014-09187

Vulnerability from cnvd - Published: 2014-12-29

Title

Cisco IronPort Email Security Appliance拒绝服务漏洞

Description

Cisco IronPort Email Security Appliance是架构多层邮件安全管理工具。 Cisco IronPort Email Security Appliance存在拒绝服务漏洞，允许攻击者利用此漏洞使CPU占用率过高，发起拒绝服务攻击。

Severity

中

Patch Name

Cisco IronPort Email Security Appliance拒绝服务漏洞的补丁

Patch Description

Cisco IronPort Email Security Appliance是架构多层邮件安全管理工具。 Cisco IronPort Email Security Appliance存在拒绝服务漏洞，允许攻击者利用此漏洞使CPU占用率过高，发起拒绝服务攻击。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可以联系供应商获得补丁信息： http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8016

Reference

http://www.securityfocus.com/bid/71779 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8016

Impacted products

Name
Cisco IronPort Email Security Appliance

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "71779"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2014-8016"
    }
  },
  "description": "Cisco IronPort Email Security Appliance\u662f\u67b6\u6784\u591a\u5c42\u90ae\u4ef6\u5b89\u5168\u7ba1\u7406\u5de5\u5177\u3002\r\n\r\nCisco IronPort Email Security Appliance\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u4f7fCPU\u5360\u7528\u7387\u8fc7\u9ad8\uff0c\u53d1\u8d77\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u7528\u6237\u53ef\u4ee5\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8016",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2014-09187",
  "openTime": "2014-12-29",
  "patchDescription": "Cisco IronPort Email Security Appliance\u662f\u67b6\u6784\u591a\u5c42\u90ae\u4ef6\u5b89\u5168\u7ba1\u7406\u5de5\u5177\u3002\r\n\r\nCisco IronPort Email Security Appliance\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u4f7fCPU\u5360\u7528\u7387\u8fc7\u9ad8\uff0c\u53d1\u8d77\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco IronPort Email Security Appliance\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco IronPort Email Security Appliance"
  },
  "referenceLink": "http://www.securityfocus.com/bid/71779\r\nhttp://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8016",
  "serverity": "\u4e2d",
  "submitTime": "2014-12-26",
  "title": "Cisco IronPort Email Security Appliance\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

FKIE_CVE-2014-8016

Vulnerability from fkie_nvd - Published: 2014-12-19 02:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

The Cisco IronPort Email Security Appliance (ESA) allows remote attackers to cause a denial of service (CPU consumption) via long Subject headers in e-mail messages, aka Bug ID CSCzv93864.

References

	URL	Tags
	psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8016	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8016	Vendor Advisory

Impacted products

	Vendor	Product	Version
	cisco	ironport_email_security_appliances	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ironport_email_security_appliances:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "39643AE6-ED3C-4B2A-AA64-5B65E61FBC6F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Cisco IronPort Email Security Appliance (ESA) allows remote attackers to cause a denial of service (CPU consumption) via long Subject headers in e-mail messages, aka Bug ID CSCzv93864."
    },
    {
      "lang": "es",
      "value": "Cisco IronPort Email Security Appliance permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de CPU) a trav\u00e9s de largas cabeceras Asunto (Subject) en mensajes de correo electr\u00f3nico, tambi\u00e9n conocido como el error con ID CSCzv93864."
    }
  ],
  "id": "CVE-2014-8016",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-12-19T02:59:04.813",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8016"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8016"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-8016 (GCVE-0-2014-8016)

GSD-2014-8016

GHSA-9W76-PJCW-3252

VAR-201412-0302

CNVD-2014-09187

FKIE_CVE-2014-8016

Tags

Sightings

Nomenclature