Description
Apache James vulnerable to buffering attack
Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. The fix for CVE-2021-38542, which solved a similar problem from Apache James 3.6.1, is subject to a parser differential and does not take into account concurrent requests.
Packages
Name: org.apache.james:james-server (maven)
Affected versions: < 3.6.3
Fixed version: 3.6.3
Name: org.apache.james:james-server (maven)
Affected versions: = 3.7.0
Fixed version: 3.7.1
Related vulnerabilities
CVSS3: 7.5
nvd
more than 3 years ago
Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. The fix for CVE-2021-38542, which solved a similar problem from Apache James 3.6.1, is subject to a parser differential and does not take into account concurrent requests.