CVE-2021-40110 is a vulnerability in Apache James
Published on January 4, 2022
Apache James IMAP vulnerable to a ReDoS
In Apache James, using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands to orchestrate a Denial Of Service using a vulnerable Regular expression. This affected Apache James prior to 3.6.1 We recommend upgrading to Apache James 3.6.1 or higher , which enforce the use of RE2J regular expression engine to execute regex in linear time without back-tracking.
Products Associated with CVE-2021-40110
Want to know whenever a new CVE is published for Apache James? stack.watch will email you.
Affected Versions
Apache Software Foundation Apache James:- Version Apache James, <= 3.6.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.