CVE-2002-0368 — Uncontrolled Resource Consumption in Microsoft Exchange Server

CWE-400 — Uncontrolled Resource Consumption3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

21.3%

top 4.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Exchange Server

Timeline

PublishedJun 18

Latest updateApr 30

Description

The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources."

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/exchange_server2000

Patches

Patch: docs.microsoft.com ↗Patch: docs.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-m48r-j6v8-pc26: The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malforme↗2022-04-30

▶

CVEList

CVE-2002-0368: The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malforme↗2003-04-02

▶