Apache James prior to releases 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. The fix for CVE-2021-38542, which solved a similar problem from Apache James 3.6.1, is subject to a parser differential and does not take into account concurrent requests.
Fixes

Solution

No solution given by the vendor.


Workaround

Upgrade to Apache James 3.7.1 or Apache James 3.6.3.

History

No history.

MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2024-08-03T05:48:37.476Z

Reserved: 2022-03-30T00:00:00

Link: CVE-2022-28220

Vulnrichment

No data.

NVD

Status: Modified

Published: 2022-09-08T08:15:07.813

Modified: 2024-11-21T06:56:58.570

Link: CVE-2022-28220

Redhat

No data.

OpenCVE Enrichment

No data.