{"containers": {"cna": {"affected": [{"product": "Apache Commons Email", "vendor": "Apache Software Foundation", "versions": [{"status": "affected", "version": "1.0 to 1.4"}]}], "datePublic": "2017-08-01T00:00:00", "descriptions": [{"lang": "en", "value": "When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitrary SMTP headers."}], "problemTypes": [{"descriptions": [{"description": "SMTP header injection", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-08T09:57:01", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"name": "[announce@apache.org] 20170801 CVE-2017-9801: Apache Commons Email SMTP header injection vulnerabilty", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/7ef903a772a2ff08605df1be819044fb15df2815eb3d63878b3fbbb5%40%3Cannounce.apache.org%3E"}, {"name": "1039043", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1039043"}, {"name": "100082", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/100082"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2017-08-01T00:00:00", "ID": "CVE-2017-9801", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Commons Email", "version": {"version_data": [{"version_value": "1.0 to 1.4"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitrary SMTP headers."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "SMTP header injection"}]}]}, "references": {"reference_data": [{"name": "[announce@apache.org] 20170801 CVE-2017-9801: Apache Commons Email SMTP header injection vulnerabilty", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/7ef903a772a2ff08605df1be819044fb15df2815eb3d63878b3fbbb5@%3Cannounce.apache.org%3E"}, {"name": "1039043", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039043"}, {"name": "100082", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100082"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T17:18:02.211Z"}, "title": "CVE Program Container", "references": [{"name": "[announce@apache.org] 20170801 CVE-2017-9801: Apache Commons Email SMTP header injection vulnerabilty", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/7ef903a772a2ff08605df1be819044fb15df2815eb3d63878b3fbbb5%40%3Cannounce.apache.org%3E"}, {"name": "1039043", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1039043"}, {"name": "100082", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/100082"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2017-9801", "datePublished": "2017-08-07T15:00:00Z", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-09-16T19:05:37.866Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:commons_email:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "30F19A6E-9804-46E5-BB19-D68FD7151A08", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:commons_email:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4F3451B-7369-45FA-AAA7-BD5DFF71595B", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:commons_email:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "46162757-2BEB-4AE3-8C87-72605B9EF048", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:commons_email:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "7771B984-C576-4E86-8A33-A6C0D87ABE42", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:commons_email:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "58C4BCC5-676C-4CEC-9917-16ACF9E4CB0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:commons_email:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "ECF0651E-705F-4E15-A4C2-FA074002858C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:commons_email:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "6C31A98B-BBC5-4F26-B60F-399AFFA58C1F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:commons_email:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "D8D2181B-15C0-4FDD-A881-AE400841B20A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitrary SMTP headers."}, {"lang": "es", "value": "Cuando un sitio de llamada pasa un asunto para un email que contiene saltos de l\u00ednea en Apache Commons Email 1.0 en su versi\u00f3n 1.4, el autor de la llamada puede a\u00f1adir encabezados SMTP arbitrarios."}], "id": "CVE-2017-9801", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-08-07T15:29:00.517", "references": [{"source": "security@apache.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/100082"}, {"source": "security@apache.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039043"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/7ef903a772a2ff08605df1be819044fb15df2815eb3d63878b3fbbb5%40%3Cannounce.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/100082"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039043"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/7ef903a772a2ff08605df1be819044fb15df2815eb3d63878b3fbbb5%40%3Cannounce.apache.org%3E"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}