Benoit Tellier

Name of the Vulnerable Software and Affected Versions: Apache APISIX(java-plugin-runner) versions 0.2.0 through 0.5.0 Description: The issue is related to incorrect permission assignment for critical resources in the Apache APISIX java-plugin-runner, allowing a local attacker to elevate privileges due to local listening file permissions. Recommendations: For Apache APISIX(java-plugin-runner) versions 0.2.0 through 0.5.0, upgrade to version 0.6.0 or higher to fix the issue.

**Name of the Vulnerable Software and Affected Versions** Apache James server versions prior to 3.7.6 Apache James server versions prior to 3.8.2 **Description** The issue is related to the JMAP HTML to text plain implementation, which is subject to unbounded memory consumption, potentially resulting in a denial of service. **Recommendations** Apache James server versions prior to 3.7.6: Upgrade to version 3.7.6 to fix the issue. Apache James server versions prior to 3.8.2: Upgrade to version 3.8.2 to fix the issue.

**Name of the Vulnerable Software and Affected Versions** Apache James versions prior to 3.7.6 Apache James versions prior to 3.8.2 **Description** Apache James is susceptible to a denial of service through the misuse of IMAP literals by both authenticated and unauthenticated users. This could lead to unbounded memory allocation and prolonged computations. **Recommendations** For Apache James version prior to 3.7.6, update to version 3.7.6 to restrict illegitimate use of IMAP literals. For Apache James version prior to 3.8.2, update to version 3.8.2 to mitigate the issue.

**Name of the Vulnerable Software and Affected Versions** Apache James versions prior to 3.8.1 and 3.7.5 **Description** A lenient behavior in line delimiter handling might create a difference of interpretation between the sender and the receiver, which can be exploited by an attacker to forge an SMTP envelope, allowing for instance to bypass SPF checks. The issue is related to the enforcement of CRLF as a line delimiter as part of the DATA transaction. **Recommendations** For versions prior to 3.8.1, upgrade to version 3.8.1 or later. For versions prior to 3.7.5, upgrade to version 3.7.5 or later.

Name of the Vulnerable Software and Affected Versions: MIME4J library (affected versions not specified) Description: The issue is related to improper input validation in the MIME4J library, which can be exploited by an attacker to add unintended headers to MIME messages. This can occur when using the MIME4J DOM for composing messages. The exploitation of this issue may allow a remote attacker to execute arbitrary code. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apache James server versions 3.7.2 and prior versions **Description** The issue allows an attacker with local access to access private user data in transit due to the usage of temporary files with insecure permissions by the Apache James server. Vulnerable components include the SMTP stack and IMAP APPEND command. **Recommendations** For Apache James server versions 3.7.2 and prior versions, consider updating to a version that fixes the issue with temporary file permissions as a permanent solution. As a temporary workaround, restrict access to the SMTP stack and IMAP APPEND command to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apache James versions prior to 3.6.3 Apache James versions prior to 3.7.1 **Description** The issue is related to a buffering attack that relies on the use of the STARTTLS command. It is similar to a previously solved problem in Apache James 3.6.1, but the fix for that issue does not account for concurrent requests and is subject to a parser differential. **Recommendations** For Apache James versions prior to 3.6.3, update to version 3.6.3 or later. For Apache James versions prior to 3.7.1, update to version 3.7.1 or later.

**Name of the Vulnerable Software and Affected Versions** Apache James versions prior to 3.6.1 **Description** The issue allows for a buffering attack using the STARTTLS command, potentially leading to Man-in-the-middle command injection attacks. This could result in the leakage of sensitive information. **Recommendations** For versions prior to 3.6.1, update to release 3.6.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apache James versions prior to 3.6.1 **Description** The issue concerns a path traversal vulnerability in the Apache James ManagedSieve implementation, which affects the file storage for sieve scripts. This allows for the reading and writing of any file. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** For versions prior to 3.6.1, upgrade to Apache James 3.6.1 or higher to resolve the issue. As a temporary workaround, consider restricting access to the ManagedSieve implementation and the file storage for sieve scripts to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apache James versions prior to 3.6.1 **Description** The issue allows for a Denial Of Service attack through crafted APPEND and STATUS IMAP commands, which can trigger infinite loops and result in expensive CPU computations and OutOfMemory exceptions. The IMAP user must be authenticated to exploit this issue. **Recommendations** For versions prior to 3.6.1, upgrade to Apache James 3.6.1 or higher to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apache James versions prior to 3.6.1 **Description** A Denial Of Service issue was identified in Apache James, where an IMAP user can craft IMAP LIST commands to exploit a vulnerable regular expression, leading to a denial of service. This issue was discovered using the Jazzer fuzzer. **Recommendations** For versions prior to 3.6.1, upgrade to Apache James 3.6.1 or higher, which enforces the use of the RE2J regular expression engine to execute regex in linear time without back-tracking.