Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SMTP smuggling in Apache James
Vulnerability Description
Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling. A lenient behaviour in line delimiter handling might create a difference of interpretation between the sender and the receiver which can be exploited by an attacker to forge an SMTP envelop, allowing for instance to bypass SPF checks. The patch implies enforcement of CRLF as a line delimiter as part of the DATA transaction. We recommend James users to upgrade to non vulnerable versions.
CVSS Information
N/A
Vulnerability Type
输入验证不恰当
Vulnerability Title
Apache James 输入验证错误漏洞
Vulnerability Description
Apache James是美国阿帕奇(Apache)基金会的一个完全用 Java 编写的开源 Smtp 和 Pop3 邮件传输代理和 Nntp 新闻服务器。 Apache James 3.8.1之前版本和3.7.5之前版本存在输入验证错误漏洞,该漏洞源于发送方和接收方之间存在行分隔符处理差异,攻击者可利用这种差异进行SMTP走私攻击。
CVSS Information
N/A
Vulnerability Type
N/A