CVE-2023-51747: SMTP smuggling in Apache James

CVE-2023-51747: SMTP smuggling in Apache James

Open Source Security [[{„value“:“

Posted by Benoit Tellier on Feb 27

Severity: important

Affected versions:

– Apache James server through 3.7.4
– Apache James server 3.8 through 3.8.0

Description:

Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling.

A lenient behaviour in line delimiter handling might create a difference of interpretation between the sender and the
receiver which can be exploited by an attacker to forge an SMTP envelop, allowing for instance to bypass SPF checks….
„}]] Read More 

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert