CVE-2021-40111 is a vulnerability in Apache James
Published on January 4, 2022
Apache James IMAP parsing Denial Of Service
In Apache James, while fuzzing the IMAP parsing stack with Jazzer, we discovered that crafted APPEND and STATUS IMAP commands could be used to trigger infinite loops resulting in expensive CPU computations and OutOfMemory exceptions. This can be used for a Denial Of Service attack. The IMAP user needs to be authenticated to exploit this vulnerability. This affected Apache James prior to version 3.6.1. This vulnerability has been patched in Apache James 3.6.1 and higher. We recommend the upgrade.
Products Associated with CVE-2021-40111
Affected Versions
Apache Software Foundation Apache James: versions <= 3.6.0 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.