Description
Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in man-in-the-middle command injection attacks, potentially leading to leakage of sensitive information.
References
- Mailing List, Third Party Advisory
- Mailing List, Third Party Advisory
- Mailing List, Third Party Advisory
- Mailing List, Third Party Advisory
- Mailing List, Third Party Advisory
- Mailing List, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 3.6.1 (exclusive)
cpe:2.3:a:apache:james:*:*:*:*:*:*:*:*
EPSS
Percentile: 69%
0.00614
Low
CVSS3: 5.9 Medium
CVSS2: 4.3 Medium
Weaknesses
CWE-77
CWE-327