261 matches found
The vulnerability of the Apache James deployment and corporate email management software lies in its insufficient validation of input data, allowing attackers to trigger service failures.
The vulnerability of the Apache James software for deploying and managing corporate email is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the Apache James software server for enterprise email deployment and management involves an uncontrolled resource consumption, allowing attackers to cause service failures.
The vulnerability of the Apache James software server for deployment and corporate email management is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities
Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Google Guava and Apache James MIME4J could allow a local authenticated attacker to obtain sensitive information. Pivota Spring...
Apache James Resource Management Error Vulnerability
Apache James is the United States Apache Apache Foundation of a completely written in Java open source Smtp and Pop3 mail transfer agent and Nntp news server . Apache James suffers from a Resource Management Error vulnerability that stems from uncontrolled resource consumption by the application,...
CVE-2023-26269
Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX...
Denial Of Service (DoS)
Apache James Server is vulnerable to Denial of Service DoS. The vulnerability is due to unbounded memory consumption due to the JMAP HTML-to-plain-text conversion implementation failing to properly limit resource usage, potentially leading to service disruption...
CVE-2024-45626
Apache James server JMAP HTML to text plain implementation in versions below 3.8.2 and 3.7.6 is subject to unbounded memory consumption that can result in a denial of service. Users are recommended to upgrade to version 3.7.6 and 3.8.2, which fix this issue...
CVE-2024-37358
Similarly to CVE-2024-34055, Apache James is vulnerable to denial of service through the abuse of IMAP literals from both authenticated and unauthenticated users, which could be used to cause unbounded memory allocation and very long computations Version 3.7.6 and 3.8.2 restrict such illegitimate...
org.apache.james.examples:custom-imap (>=3.8.0 <=3.8.1), org.apache.james.examples:custom-james-assembly (>=3.8.0 <=3.8.1) +13 more potentially affected by CVE-2024-37358 via org.apache.james:james-server-protocols-imap4 (>=3.8.0 <=3.8.1)
org.apache.james:james-server-protocols-imap4 MAVEN version =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.1 Source cves: CVE-2024-37358 Source advisory:...
org.apache.james.examples:custom-james-assembly (>=3.7.0 <=3.7.5), org.apache.james:apache-james (=3.0-beta4) +22 more potentially affected by CVE-2024-37358 via org.apache.james:james-server-protocols-imap4 (>=3.0-beta4 <=3.7.5)
org.apache.james:james-server-protocols-imap4 MAVEN version =3.0-beta4, =3.7.0, =3.0.0, =3.4.0, =3.0.0, =3.7.0, =3.0.0, =3.0.0, =3.3.0, =3.3.0, =3.7.0, =3.7.0, =3.0.0, =3.7.5 and more Source cves: CVE-2024-37358 Source advisory: SNYK:JAVA-ORGAPACHEJAMES-8689864...
org.apache.james.examples:custom-james-assembly (>=3.8.0 <=3.8.1), org.apache.james:apache-james-mpt-smtp-cassandra (>=3.8.0 <=3.8.1) +14 more potentially affected by CVE-2024-45626 via org.apache.james:james-server-jmap-draft (>=3.8.0 <=3.8.1)
org.apache.james:james-server-jmap-draft MAVEN version =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.1 and more Source cves: CVE-2024-45626 Source advisory:...
org.apache.james.examples:custom-james-assembly (>=3.7.0 <=3.7.5), org.apache.james:apache-james-mpt-smtp-cassandra (>=3.5.0 <=3.7.5) +19 more potentially affected by CVE-2024-45626 via org.apache.james:james-server-jmap-draft (>=3.5.0 <=3.7.5)
org.apache.james:james-server-jmap-draft MAVEN version =3.5.0, =3.7.0, =3.5.0, =3.5.0, =3.7.0, =3.5.0, =3.5.0, =3.5.0, =3.5.0, =3.7.0, =3.7.0, =3.6.0, =3.7.0, =3.5.0, =3.5.0, =3.7.5 and more Source cves: CVE-2024-45626 Source advisory:...
org.apache.james.examples:custom-imap (>=3.8.0 <=3.8.1), org.apache.james.examples:custom-james-assembly (>=3.8.0 <=3.8.1) +15 more potentially affected by CVE-2024-37358 via org.apache.james.protocols:protocols-imap (>=3.8.0 <=3.8.1)
org.apache.james.protocols:protocols-imap MAVEN version =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.1 and more Source cves: CVE-2024-37358 Source advisory: OSV:GHSA-56JP-W6VW-J3JW...
GHSA-56JP-W6VW-J3JW Apache James vulnerable to denial of service through the use of IMAP literals
Similarly to CVE-2024-34055, Apache James is vulnerable to denial of service through the abuse of IMAP literals from both authenticated and unauthenticated users, which could be used to cause unbounded memory allocation and very long computations Version 3.7.6 and 3.8.2 restrict such illegitimate...
GHSA-57M2-H3FW-RXHW Apache James vulnerable to denial of service through JMAP HTML to text conversion
Apache James server JMAP HTML to text plain implementation in versions below 3.8.2 and 3.7.6 is subject to unbounded memory consumption that can result in a denial of service. Users are recommended to upgrade to version 3.7.6 and 3.8.2, which fix this issue...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS via the JsoupHtmlTextExtractor function. An attacker can cause unbounded memory consumption leading to a denial of service by sending crafted HTML content that triggers excessive memory allocation. Details Denial o...
org.apache.james.examples:custom-james-assembly (>=3.7.0 <=3.7.5), org.apache.james:apache-james-mpt-antlib (>=3.0.0 <=3.0.1) +31 more potentially affected by CVE-2024-37358 via org.apache.james.protocols:protocols-imap (>=3.0.0-RC1 <=3.7.5)
org.apache.james.protocols:protocols-imap MAVEN version =3.0.0-RC1, =3.7.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.4.0, =3.0.0, =3.0.0, =3.7.0, =3.0.0, =3.0.0, =3.6.2 and more Source cves: CVE-2024-37358 Source advisory: OSV:GHSA-56JP-W6VW-J3JW...
Apache James vulnerable to denial of service through the use of IMAP literals
Similarly to CVE-2024-34055, Apache James is vulnerable to denial of service through the abuse of IMAP literals from both authenticated and unauthenticated users, which could be used to cause unbounded memory allocation and very long computations Version 3.7.6 and 3.8.2 restrict such illegitimate...
Apache James vulnerable to denial of service through JMAP HTML to text conversion
Apache James server JMAP HTML to text plain implementation in versions below 3.8.2 and 3.7.6 is subject to unbounded memory consumption that can result in a denial of service. Users are recommended to upgrade to version 3.7.6 and 3.8.2, which fix this issue...
CVE-2024-45626
Apache James server JMAP HTML to text plain implementation in versions below 3.8.2 and 3.7.6 is subject to unbounded memory consumption that can result in a denial of service. Users are recommended to upgrade to version 3.7.6 and 3.8.2, which fix this issue...