Описание
Command Injection in Apache James
Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in -the-middle command injection attacks, leading potentially to leakage of sensible information.
Пакеты
Наименование
org.apache.james:james-server
maven
Затронутые версииВерсия исправления
< 3.6.1
3.6.1
Связанные уязвимости
CVSS3: 5.9
nvd
около 4 лет назад
Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in -the-middle command injection attacks, leading potentially to leakage of sensible information.