PT-2006-3724 · Apache · Apache James

Ahmad Muammar W.K

Published

2006-06-05

Updated

2018-10-18

CVE-2006-2806

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Apache Java Mail Enterprise Server (aka Apache James) version 2.2.0

Description The issue allows remote attackers to cause a denial of service, specifically CPU consumption, by sending a long argument to the MAIL command in the SMTP server.

Recommendations For Apache Java Mail Enterprise Server (aka Apache James) version 2.2.0, consider restricting access to the SMTP server or limiting the length of arguments to the MAIL command as a temporary workaround until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-2806

Affected Products

Apache James

PT-2006-3724 · Apache · Apache James

CVE-2006-2806

Related Identifiers

Affected Products

References · 6