Lucene search
ApacheCVELIST:CVE-2021-38542HistoryJan 04, 2022 - 8:55 a.m.
CVE-2021-38542 Apache James vulnerable to STARTTLS command injection (IMAP and POP3)
2022-01-0408:55:21
CWE-77
apache
www.cve.org
Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in -the-middle command injection attacks, leading potentially to leakage of sensible information.
CNA Affected
[
{
"product": "Apache James",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "3.6.1",
"status": "affected",
"version": "Apache James",
"versionType": "custom"
}
]
}
]Related
github
github
Command Injection in Apache James
2022-01-08 00:40:33
Apache James vulnerable to buffering attack
2022-09-09 00:00:57
cnvd
cnvd
Apache James Command Injection Vulnerability
2022-01-07 00:00:00
cve
cve
CVE-2021-38542
2022-01-04 09:15:07
CVE-2022-28220
2022-09-08 08:15:07
nvd
nvd
CVE-2021-38542
2022-01-04 09:15:07
CVE-2022-28220
2022-09-08 08:15:07
osv
osv
Command Injection in Apache James
2022-01-08 00:40:33
CVE-2021-38542
2022-01-04 09:15:07
Apache James vulnerable to buffering attack
2022-09-09 00:00:57
veracode
veracode
Information Disclosure
2022-01-05 17:31:14
prion
prion
Command injection
2022-01-04 09:15:00
Command injection
2022-09-08 08:15:00
cvelist
cvelist
CVE-2022-28220 STARTTLS command injection in Apache JAMES
2022-09-08 07:40:09