VDB

CVE-2021-40110

CVE-2021-40110 PUBLISHED CVSS 7.5 HIGH

In Apache James, using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands to orchestrate a Denial Of Service using a vulnerable regular expression. This affected Apache James prior to 3.6.1. We recommend upgrading to Apache James 3.6.1 or higher, which enforces the use of the RE2J regular expression engine to execute regex in linear time without backtracking.

EPSS 0.67% · 71.7th percentile

Risk Scores

CVSS v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.67% (71.7th percentile)

Affected Products

| Vendor | Product | Versions |
| --- | --- | --- |
| Maven | org.apache.james:james-server | 3.1.0 |
| apache | james | 0 |
| Apache Software Foundation | Apache James | Apache James |

Timeline

  • Jan 4, 2022 CVE Published
  • Jan 5, 2022 EPSS Score
  • Jan 8, 2022 CVE Updated
  • Jan 13, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Apr 22, 2022 EPSS Score
  • Jun 15, 2022 EPSS Score
  • Aug 8, 2022 EPSS Score
  • Oct 1, 2022 EPSS Score
  • Jan 16, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Mar 10, 2023 EPSS Score