PT-2016-3818 · Apache · Apache James Server

Jakub Palaczynski

Publicado

2016-06-07

Atualizado

2022-05-14

CVE-2015-7611

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Apache James Server version 2.3.2

Description The issue allows attackers to execute arbitrary system commands when the Apache James Server is configured with file-based user repositories.

Recommendations For Apache James Server version 2.3.2, consider disabling file-based user repositories until a patch is available. Restrict access to sensitive system commands to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78

Identificadores relacionados

CVE-2015-7611

GHSA-CGVF-22VV-83H5

Produtos afetados

Apache James Server

PT-2016-3818 · Apache · Apache James Server

CVE-2015-7611

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11