CVE-2022-28220

CVSS v3.1 7.5 (High)

EPSS 0.09 % (39^th)

Affected Products 1

Advisories 1

Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. Fix of CVE-2021-38542, which solved similar problem fron Apache James 3.6.1, is subject to a parser differential and do not take into account concurrent requests.

Weaknesses

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

Related CVEs

CVE-2021-38542

CVE Status: PUBLISHED
CNA: Apache Software Foundation
Published Date: 2022-09-08 08:15:07
(2 years ago)
Updated Date: 2022-09-30 19:16:02
(23 months ago)

Affected Products

Apache

James

Configuration #1

		CPE23	From	Up To
	Apache James 3.6.2 and prior versions	cpe:2.3:a:apache:james		<= 3.6.2
	Apache James 3.7.0	cpe:2.3:a:apache:james:3.7.0