Lucene search
ApacheCVELIST:CVE-2021-40110HistoryJan 04, 2022 - 8:55 a.m.
CVE-2021-40110 Apache James IMAP vulnerable to a ReDoS
2022-01-0408:55:22
apache
www.cve.org
0.002 Low
EPSS
Percentile
51.8%
In Apache James, using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands to orchestrate a Denial Of Service using a vulnerable Regular expression. This affected Apache James prior to 3.6.1 We recommend upgrading to Apache James 3.6.1 or higher , which enforce the use of RE2J regular expression engine to execute regex in linear time without back-tracking.
CNA Affected
[
{
"product": "Apache James",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "3.6.0",
"status": "affected",
"version": "Apache James",
"versionType": "custom"
}
]
}
]Related
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2022-01-05 05:54:16
github
github
Denial of Service in Apache James
2022-01-08 00:40:30
osv
osv
Denial of Service in Apache James
2022-01-08 00:40:30
CVE-2021-40110
2022-01-04 09:15:07
cnvd
cnvd
Apache James Denial of Service Vulnerability (CNVD-2022-02755)
2022-01-07 00:00:00
cve
cve
CVE-2021-40110
2022-01-04 09:15:07
prion
prion
Design/Logic Flaw
2022-01-04 09:15:00
nvd
nvd
CVE-2021-40110
2022-01-04 09:15:07