CVE-2024-37358 – Apache James IMAP Denial of Service Vulnerability

The following table lists the changes that have been made to the CVE-2024-37358 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received by [email protected]

    Feb. 06, 2025

    Action Type Old Value New Value
    Added Description Similarly to CVE-2024-34055, Apache James is vulnerable to denial of service through the abuse of IMAP literals from both authenticated and unauthenticated users, which could be used to cause unbounded memory allocation and very long computations Version 3.7.6 and 3.8.2 restrict such illegitimate use of IMAP literals.
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
    Added CWE CWE-20
    Added Reference https://lists.apache.org/thread/1pxsh11v5s3fkvhnqvkmlqwt3fgpcrqc

نوشته های مشابه

CVE-2020-36084 – SourceCodester Responsive E-Learning System SQL Injection

CVE-2024-57520 – Asterisk Unix Secure Permissions Vulnerability

CVE-2022-31764 – Apache ShardingSphere ElasticJob-UI H2 DB RCE Vulnerability

CVE-2024-39272 – ClearML Enterprise Server Cross-Site Scripting