Executive Summary
Summary | |
---|---|
Title | Vulnerability in Microsoft Exchange Server Could Allow Denial of Service (2407132) |
Informations | |||
---|---|---|---|
Name | MS10-106 | First vendor Publication | 2010-12-14 |
Vendor | Microsoft | Last vendor Modification | 2010-12-14 |
Severity (Vendor) | Moderate | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 4 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V1.0 (December 14, 2010): Bulletin published.Summary: This security update resolves a privately reported vulnerability in Microsoft Exchange Server. The vulnerability could allow denial of service if an authenticated attacker sent a specially crafted network message to a computer running the Exchange service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS10-106.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12019 | |||
Oval ID: | oval:org.mitre.oval:def:12019 | ||
Title: | Exchange Server Infinite Loop Vulnerability | ||
Description: | Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS outage) via a crafted RPC request, aka "Exchange Server Infinite Loop Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3937 | Version: | 4 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 | Product(s): | Microsoft Exchange Server |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
69810 | Microsoft Exchange Server store.exe Malformed MAPI Request Infinite Loop Remo... Microsoft Exchange Server contains a flaw that may allow a local denial of service. The issue is triggered when an error in store.exe when processing RPC requests occurs, and may be exploited to cause an infinite loop via a specifically crafted MAPI request, resulting in a loss of availability. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2010-12-16 | IAVM : 2010-B-0107 - Microsoft Exchange Server Denial of Service Vulnerability Severity : Category II - VMSKEY : V0025857 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2018-04-03 | Name : The remote mail server is affected by a denial of service vulnerability. File : exchange_ms10-106.nasl - Type : ACT_GATHER_INFO |
2010-12-15 | Name : The remote mail server has a denial of service vulnerability. File : smb_nt_ms10-106.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:46:50 |
|
2013-11-11 12:41:20 |
|