Описание
Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports . but some other popular e-mail servers do not.
Ссылки
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListMitigationThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Issue TrackingVendor Advisory
- Issue TrackingThird Party Advisory
- Broken Link
- Technical Description
- Patch
- Patch
- MitigationVendor Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- Technical DescriptionThird Party Advisory
- Issue TrackingMailing ListThird Party Advisory
- Exploit
Уязвимые конфигурации
Одно из
EPSS
5.3 Medium
CVSS3
Дефекты
Связанные уязвимости
Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not.
Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKIN ...
Exim through 4.97 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages that appear to originate from the Exim server, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not.
Уязвимость реализации протокола SMTP почтового сервера Exim, позволяющая нарушителю обойти политику безопасности SPF (Sender Policy Framework) и отправить скрытый HTTP-запрос (атака типа HTTP Request Smuggling)
EPSS
5.3 Medium
CVSS3