Apache James SMTP Denial Of Service Vulnerability

Bugtraq ID:	18138
Class:	Design Error
CVE:	CVE-2006-2806
Remote:	Yes
Local:	No
Published:	May 29 2006 12:00AM
Updated:	Feb 02 2016 08:01PM
Credit:	y3dips a.k.a Ahmad Muammar W.K discovered this issue.
Vulnerable:	Apache Software Foundation James 2.2
Not Vulnerable:

Apache James SMTP Denial Of Service Vulnerability

Apache James is prone to a remote denial-of-service vulnerability. This issue is due to the application's failure to efficiently handle malformed SMTP commands.

This issue allows remote attackers to consume excessive CPU resources of affected computers, potentially denying service to legitimate users.

Apache James version 2.2.0 is vulnerable to this issue; other versions may also be affected.

Apache James SMTP Denial Of Service Vulnerability

Attackers use standard network utilities to exploit this issue.

The following exploit code demonstrates this issue:

• /data/vulnerabilities/exploits/james.pl

Apache James SMTP Denial Of Service Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]

Apache James SMTP Denial Of Service Vulnerability

References:

• James Homepage (Apache Software Foundation)
  
• JAMES 2.2.0 <-- Denial Of Service ([email protected])