Lucene search
ApacheCVELIST:CVE-2022-28220HistorySep 08, 2022 - 7:40 a.m.
CVE-2022-28220 STARTTLS command injection in Apache JAMES
2022-09-0807:40:09
CWE-77
apache
www.cve.org
cve-2022-28220
starttls
apache james
buffering attack
Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. Fix of CVE-2021-38542, which solved similar problem fron Apache James 3.6.1, is subject to a parser differential and do not take into account concurrent requests.
CNA Affected
[
{
"product": "Apache James",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "3.6.2",
"status": "affected",
"version": "Apache James",
"versionType": "custom"
}
]
}
]Related
github
github
Apache James vulnerable to buffering attack
2022-09-09 00:00:57
Command Injection in Apache James
2022-01-08 00:40:33
osv
osv
Apache James vulnerable to buffering attack
2022-09-09 00:00:57
CVE-2022-28220
2022-09-08 08:15:07
Command Injection in Apache James
2022-01-08 00:40:33
cve
cve
CVE-2022-28220
2022-09-08 08:15:07
CVE-2021-38542
2022-01-04 09:15:07
prion
prion
Command injection
2022-09-08 08:15:00
Command injection
2022-01-04 09:15:00
nvd
nvd
CVE-2022-28220
2022-09-08 08:15:07
CVE-2021-38542
2022-01-04 09:15:07
cnvd
cnvd
Apache James Command Injection Vulnerability
2022-01-07 00:00:00
veracode
veracode
Information Disclosure
2022-01-05 17:31:14
Command Injection
2022-09-09 09:22:40
cvelist
cvelist