8 matches found
EUVD-2021-2501
Malware in sbrugna...
angus-mail: Enabling Secure Server Identity Checks for Safer SMTPS Communication
A vulnerability was found in Apache Sling Commons Messaging Mailangus-mail, which provides a simple interface for sending emails via SMTPS in OSGi, does not offer an option to enable server identity checks, leaving connections vulnerable to "man-in-the-middle" attacks and can allow insecure email...
Apache Sling Commons Messaging Mail Trust Management Issue Vulnerability
Apache Sling Commons Messaging Mail is an open source messaging mail service from the Apache Foundation in the U.S. A trust management issue vulnerability exists in Apache Sling Commons Messaging Mail 1.0.0, which stems from the Apache Sling Commons Messaging Mail provides a simple layer on top o...
org.apache.sling:org.apache.sling.cms.reference (>=0.16.0 <=1.1.0) potentially affected by CVE-2021-44549 via org.apache.sling:org.apache.sling.commons.messaging.mail (=1.0.0)
org.apache.sling:org.apache.sling.commons.messaging.mail MAVEN version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.sling:org.apache.sling.commons.messaging.mail and may be impacted: - org.apache.sling:org.apache.sling.cms.referenc...
CVE-2021-44549
Apache Sling Commons Messaging Mail provides a simple layer on top of JavaMail/Jakarta Mail for OSGi to send mails via SMTPS. To reduce the risk of "man in the middle" attacks additional server identity checks must be performed when accessing mail servers. For compatibility reasons these addition...
CVE-2021-44549
CVE-2021-44549 affects Apache Sling Commons Messaging Mail (Sling Mail) implementations that use SMTPS. The issue arises from the SimpleMailService in Apache Sling Commons Messaging Mail 1.0 which lacked an option to enable mail.smtps.ssl.checkserveridentity by default, leaving SMTPS connections ...
CVE-2021-44549 SMTPS server hostname not checked when making TLS connection to SMTPS server
Apache Sling Commons Messaging Mail provides a simple layer on top of JavaMail/Jakarta Mail for OSGi to send mails via SMTPS. To reduce the risk of "man in the middle" attacks additional server identity checks must be performed when accessing mail servers. For compatibility reasons these addition...
Apache Sling Commons Messaging Mail 信任管理问题漏洞
Apache Sling Commons Messaging Mail is an open source messaging mail service from the Apache Foundation in the U.S. A trust management issue vulnerability exists in Apache Sling Commons Messaging Mail 1.0.0, which stems from the Apache Sling Commons Messaging Mail provides a simple layer on top o...