org.apache.james:james-server
Maven11 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.apache.james:james-serverpage 1 of 1
- CVE-2004-2650NONECVSS 0.0EG 0.0✓ Fixed in 2.2.02004-12-31
Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory le…
- CVE-2015-7611HIGHCVSS 8.1EG 8.1✓ Fixed in 2.3.2.12016-06-07
Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors.
- CVE-2021-38542MEDIUMCVSS 5.9EG 5.9✓ Fixed in 3.6.12022-01-04
vulnerable: 3.0-M1 ... 3.6.0 (15 versions)
Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in -the-middle command injection attacks, leading potentially to leakage of sensible information.
- CVE-2021-40110HIGHCVSS 7.5EG 7.5✓ Fixed in 3.6.12022-01-04
vulnerable: 3.1.0 ... 3.6.0 (6 versions)
In Apache James, using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands to orchestrate a Denial Of Service using a vulnerable Regular expression. This affected Apache James prior to 3.6.1 We recommend upgrading t…
- CVE-2021-40111MEDIUMCVSS 6.5EG 6.5✓ Fixed in 3.6.12022-01-04
vulnerable: 3.0-M1 ... 3.6.0 (15 versions)
In Apache James, while fuzzing with Jazzer the IMAP parsing stack, we discover that crafted APPEND and STATUS IMAP command could be used to trigger infinite loops resulting in expensive CPU computations and OutOfMemory exceptions. This can…
- CVE-2021-40525CRITICALCVSS 9.1EG 9.1✓ Fixed in 3.6.12022-01-04
vulnerable: 3.0-M1 ... 3.6.0 (15 versions)
Apache James ManagedSieve implementation alongside with the file storage for sieve scripts is vulnerable to path traversal, allowing reading and writing any file. This vulnerability had been patched in Apache James 3.6.1 and higher. We rec…
- CVE-2022-22931MEDIUMCVSS 4.3EG 4.3✓ Fixed in 3.6.22022-02-07
vulnerable: 3.0-M1 ... 3.6.0 (15 versions)
Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve file repository This enables a user to access other users data stores (limited to user name…
- CVE-2022-28220HIGHCVSS 7.5EG 7.5✓ Fixed in 3.7.12022-09-08
vulnerable: 3.7.0
Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. Fix of CVE-2021-38542, which solved similar problem fron Apache James 3.6.1, is subject to a parser differential …
- CVE-2022-45935MEDIUMCVSS 5.5EG 5.52023-01-06
vulnerable: 3.0-M1 ... 3.7.2 (19 versions)
Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue…
- CVE-2023-51518CRITICALCVSS 9.8EG 9.8✓ Fixed in 3.8.12024-02-27
vulnerable: 3.8.0
Apache James prior to version 3.7.5 and 3.8.0 exposes a JMX endpoint on localhost subject to pre-authentication deserialisation of untrusted data. Given a deserialisation gadjet, this could be leveraged as part of an exploit chain that cou…
- CVE-2023-51747HIGHCVSS 7.1EG 7.1✓ Fixed in 3.8.12024-02-27
vulnerable: 3.8.0
Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling. A lenient behaviour in line delimiter handling might create a difference of interpretation between the sender and the receiver which can be exploited by an at…
Check whether org.apache.james:james-server is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.apache.james:james-server CVEs against the assets you own.
Start Free Scan →