CVE-2015-6291

Name of the Vulnerable Software and Affected Versions Cisco Email Security Appliance (ESA) versions prior to 8.5.7-043 Cisco Email Security Appliance (ESA) versions 9.x prior to 9.1.1-023 Cisco Email Security Appliance (ESA) versions 9.5.x and 9.6.x prior to 9.6.0-046

Description The issue arises from the mishandling of malformed fields during certain filtering operations, including body-contains, attachment-contains, every-attachment-contains, attachment-binary-contains, dictionary-match, and attachment-dictionary-match. This allows remote attackers to cause a denial of service due to memory consumption by sending a crafted attachment in an email message.

Recommendations For versions prior to 8.5.7-043, update to version 8.5.7-043 or later. For versions 9.x prior to 9.1.1-023, update to version 9.1.1-023 or later. For versions 9.5.x and 9.6.x prior to 9.6.0-046, update to version 9.6.0-046 or later.