Security Bulletin: Apache Commons Email as used by IBM QRadar SIEM is vulnerable to information disclosure (CVE-2017-9801, CVE-2018-1294)

Summary Apache Commons Email as used by IBM QRadar SIEM is vulnerable to information disclosure. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2017-9801 DESCRIPTION: Apache Commons Email could allow a remote attacker to inject header data, caused by an error i...

Mageia: Security Advisory (MGASA-2017-0322)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2017-0322 Updated apache-commons-email packages fix security vulnerability

In apache-commons-email before 1.5, when a call-site passes a subject for an email that contains line-breaks, the caller can add arbitrary SMTP headers CVE-2017-9801...

CVE-2017-9801

When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitrary SMTP headers...

CVE-2017-9801

CVE-2017-9801 affects Apache Commons Email (versions 1.0–1.4). A call-site passing an email subject containing line-breaks can be exploited to inject arbitrary SMTP headers, due to a flaw in how setSubject handles input. This can lead to SMTP header manipulation and potential information exposure...

CVE-2017-9801

When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitrary SMTP headers...