icon

We found results for “

CVE-2022-28220

Good to know:

icon
icon

Date: September 8, 2022

Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. Fix of CVE-2021-38542, which solved similar problem fron Apache James 3.6.1, is subject to a parser differential and do not take into account concurrent requests.

Language: Java

Severity Score

Severity Score

Weakness Type (CWE)

Command Injection

CWE-77

Top Fix

icon

Upgrade Version

Upgrade to version org.apache.james:apache-james-mpt-core:3.7.1;org.apache.james:apache-james-mpt-app:3.6.3,3.7.1

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

Do you need more information?

Contact Us