Description
Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not.
Release | Status | Note |
---|---|---|
bionic | ignored | end of standard support |
devel | released | 4.97-3 |
esm-infra-legacy/trusty | needs-triage | |
esm-infra/bionic | released | 4.90.1-1ubuntu1.10+esm3 |
esm-infra/focal | not-affected | 4.93-13ubuntu1.10 |
esm-infra/xenial | released | 4.86.2-2ubuntu2.6+esm6 |
focal | released | 4.93-13ubuntu1.10 |
jammy | released | 4.95-4ubuntu2.5 |
lunar | ignored | end of life, was needs-triage |
mantic | released | 4.96-17ubuntu2.2 |
CVSS3: 5.3 Medium
Related vulnerabilities
Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not.
Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKIN ...
Exim through 4.97 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages that appear to originate from the Exim server, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not.
A vulnerability in the SMTP protocol implementation of the Exim mail server that allows an attacker to bypass the SPF (Sender Policy Framework) security policy and send a hidden HTTP request (an HTTP Request Smuggling attack)