漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
SMTPS server hostname not checked when making TLS connection to SMTPS server
Vulnerability Description
Apache Sling Commons Messaging Mail provides a simple layer on top of JavaMail/Jakarta Mail for OSGi to send mails via SMTPS. To reduce the risk of "man in the middle" attacks additional server identity checks must be performed when accessing mail servers. For compatibility reasons these additional checks are disabled by default in JavaMail/Jakarta Mail. The SimpleMailService in Apache Sling Commons Messaging Mail 1.0 lacks an option to enable these checks for the shared mail session. A user could enable these checks nevertheless by accessing the session via the message created by SimpleMessageBuilder and setting the property mail.smtps.ssl.checkserveridentity to true. Apache Sling Commons Messaging Mail 2.0 adds support for enabling server identity checks and these checks are enabled by default. - https://javaee.github.io/javamail/docs/SSLNOTES.txt - https://javaee.github.io/javamail/docs/api/com/sun/mail/smtp/package-summary.html - https://github.com/eclipse-ee4j/mail/issues/429
CVSS Information
N/A
Vulnerability Type
证书验证不恰当
Vulnerability Title
Apache Sling Commons Messaging Mail 信任管理问题漏洞
Vulnerability Description
Apache Sling Commons Messaging Mail是美国Apache基金会的一款开源消息传递邮件服务。 Apache Sling Commons Messaging Mail 存在安全漏洞,该漏洞源于 Apache Sling Commons Messaging Mail 在 JavaMail/Jakarta Mail 之上为 OSGi 提供了一个简单的层,用于通过 SMTPS 发送邮件。为了降低中间人攻击的风险,在访问邮件服务器时必须执行额外的服务器身份检查。出于兼容性原因,Java
CVSS Information
N/A
Vulnerability Type
N/A