Back to search
CVE-2021-40110
Published: Jan 4, 2022
Modified: Aug 4, 2024
PUBLISHED
Description
In Apache James, using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands to orchestrate a Denial Of Service using a vulnerable Regular expression. This affected Apache James prior to 3.6.1 We recommend upgrading to Apache James 3.6.1 or higher , which enforce the use of RE2J regular expression engine to execute regex in linear time without back-tracking.
| Vendor | Product | Versions |
|---|---|---|
Apache Software Foundation | Apache James | affected Apache James - <= 3.6.0 |
References
https://www.openwall.com/lists/oss-security/2022/01/04/2
x_refsource_MISC
[oss-security] 20220104 CVE-2021-40110: Apache James IMAP vulnerable to a ReDoS
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now