CVE-2000-1006 — Improper Handling of Missing Values in Microsoft Exchange Server

CWE-230 — Improper Handling of Missing Values4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

10.0%

top 6.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Exchange Server

Timeline

PublishedDec 11

Latest updateApr 30

Description

Microsoft Exchange Server 5.5 does not properly handle a MIME header with a blank charset specified, which allows remote attackers to cause a denial of service via a charset="" command, aka the "Malformed MIME Header" vulnerability.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/exchange_server5.5

Patches

Patch: www.securityfocus.com ↗Patch: docs.microsoft.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-mcv5-j53r-62hw: Microsoft Exchange Server 5↗2022-04-30

▶

CVEList

CVE-2000-1006: Microsoft Exchange Server 5↗2001-01-22

▶

📐Framework References

CWE

Improper Handling of Missing Values

▶