Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-51747

Published: 27/02/2024 Updated: 27/02/2024

Vulnerability Summary

Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling. A lenient behaviour in line delimiter handling might create a difference of interpretation between the sender and the receiver which can be exploited by an malicious user to forge an SMTP envelop, allowing for instance to bypass SPF checks. The patch implies enforcement of CRLF as a line delimiter as part of the DATA transaction. We recommend James users to upgrade to non vulnerable versions.

Mailing Lists

Full Disclosure: CVE-2023-51747: SMTP smuggling in Apache James
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> CVE-2023-51747: SMTP smuggling in Apache James <!--X-Subject-Header-End--> <!--X-Head-of-Message--> From: Benoit Tellier &lt ...

References

CWE-20https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/https://postfix.org/smtp-smuggling.htmlhttps://lists.apache.org/thread/rxkwbkh9vgbl9rzx1fkllyk3krhgydkohttp://www.openwall.com/lists/oss-security/2024/02/27/4https://nvd.nist.govhttps://seclists.org/oss-sec/2024/q1/165
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook