CVE-2023-51518: Apache James server: Privilege escalation via JMX pre-authentication deserialisation

Open Source Security

Posted by Benoit Tellier on Feb 26

Severity: low

Affected versions:

- Apache James server through 3.7.4
- Apache James server 3.8 through 3.8.0

Description:

Apache James prior to version 3.7.5 and 3.8.0 exposes a JMX endpoint on localhost subject to pre-authentication
deserialisation of untrusted data.
Given a deserialisation gadget, this could be leveraged as part of an exploit chain that could result in privilege
escalation.
Note that by default JMX endpoint is only bound…