Lucene search
Veracode Vulnerability DatabaseVERACODE:45677HistoryFeb 28, 2024 - 12:16 p.m.
SMTP Smuggling
2024-02-2812:16:54
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
smtp
apache james
vulnerability
line delimiter
spf checks
exploit
Apache James is vulnerable to SMTP Smuggling. The vulnerability is due to the lenient behavior in line delimiter handling which creates a difference of interpretation between the sender and the receiver which can be exploited by an attacker to forge an SMTP envelop, allowing for instance to bypass SPF checks.
References
www.openwall.com/lists/oss-security/2024/02/27/4
github.com/apache/james-project/commit/d1ef102540e504c067b6c1721a6f1e7eee9c6fc6
github.com/apache/james-project/commit/d5cd8bb098aa78d8d62c9645f3c532689ef1cb03
lists.apache.org/thread/rxkwbkh9vgbl9rzx1fkllyk3krhgydko
postfix.org/smtp-smuggling.html
sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
Related
nvd
nvd
CVE-2023-51747
2024-02-27 14:15:27
osv
osv
SMTP smuggling in Apache James
2024-02-27 15:30:31
prion
prion
Design/Logic Flaw
2024-02-27 14:15:00
redhatcve
redhatcve
CVE-2023-51747
2024-03-01 21:31:53
cvelist
cvelist
CVE-2023-51747 SMTP smuggling in Apache James
2024-02-27 13:08:01
github
github
SMTP smuggling in Apache James
2024-02-27 15:30:31
cve
cve
CVE-2023-51747
2024-02-27 14:15:27