Skip to main content

James Server

4 CVEs product

Monthly

CVE-2024-45626 Maven MEDIUM PATCH This Month

Apache James server JMAP HTML to text plain implementation in versions below 3.8.2 and 3.7.6 is subject to unbounded memory consumption that can result in a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Denial Of Service James Server
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-37358 Maven HIGH PATCH This Week

Similarly to CVE-2024-34055, Apache James is vulnerable to denial of service through the abuse of IMAP literals from both authenticated and unauthenticated users, which could be used to cause. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service James Server
NVD
CVSS 3.1
8.6
EPSS
0.8%
CVE-2017-12628 Maven HIGH PATCH This Week

The JMX server embedded in Apache James, also used by the command line client is exposed to a java de-serialization issue, and thus can be used to execute arbitrary commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Java Apache Privilege Escalation James Server
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-7611 Maven HIGH POC PATCH THREAT Act Now

Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 74.9%.

Command Injection Apache James Server
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
74.9%
Threat
5.4
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Apache James server JMAP HTML to text plain implementation in versions below 3.8.2 and 3.7.6 is subject to unbounded memory consumption that can result in a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Denial Of Service James Server
NVD
EPSS 1% CVSS 8.6
HIGH PATCH This Week

Similarly to CVE-2024-34055, Apache James is vulnerable to denial of service through the abuse of IMAP literals from both authenticated and unauthenticated users, which could be used to cause. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service James Server
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The JMX server embedded in Apache James, also used by the command line client is exposed to a java de-serialization issue, and thus can be used to execute arbitrary commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Java Apache +2
NVD
EPSS 75% 5.4 CVSS 8.1
HIGH POC PATCH THREAT Act Now

Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 74.9%.

Command Injection Apache James Server
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy