Home > Vulnerability Database > CVE-2023-51747

Mend.io Vulnerability Database

CVE-2023-51747

Good to know:

Date: February 27, 2024

Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling. A lenient behaviour in line delimiter handling might create a difference of interpretation between the sender and the receiver which can be exploited by an attacker to forge an SMTP envelop, allowing for instance to bypass SPF checks. The patch implies enforcement of CRLF as a line delimiter as part of the DATA transaction. We recommend James users to upgrade to non vulnerable versions.

Language: Java

Severity Score

5.3

Related Resources (6)

Url: https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-51747

Url: https://postfix.org/smtp-smuggling.html

Url: https://lists.apache.org/thread/rxkwbkh9vgbl9rzx1fkllyk3krhgydko

Url: http://www.openwall.com/lists/oss-security/2024/02/27/4

Url: https://www.mend.io/vulnerability-database/CVE-2023-51747

Severity Score

5.3

Weakness Type (CWE)

Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version org.apache.james:james-server-protocols-smtp:3.7.5,3.8.1

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-51747

Good to know:

Date: February 27, 2024

Language: Java

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?