CVE-2021-40111 is a vulnerability in Apache James
Published on January 4, 2022
In Apache James, while fuzzing with Jazzer the IMAP parsing stack, we discover that crafted APPEND and STATUS IMAP command could be used to trigger infinite loops resulting in expensive CPU computations and OutOfMemory exceptions. This can be used for a Denial Of Service attack. The IMAP user needs to be authenticated to exploit this vulnerability. This affected Apache James prior to version 3.6.1. This vulnerability had been patched in Apache James 3.6.1 and higher. We recommend the upgrade.
Products Associated with CVE-2021-40111
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-40111 are published in Apache James:
Affected Versions
Apache Software Foundation Apache James:- Version Apache James, <= 3.6.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.