PT-2004-3540 · Apache Foundation · Apache James

Noel J. Bergman · Published 2004-12-31 · Updated 2022-04-29 · CVE-2004-2650

CVSS v2.0: 4.9 Medium
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Apache Foundation James versions prior to 2.2.0

Description

The issue allows local users to cause a denial of service due to memory consumption. This is achieved by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.

Recommendations

For versions prior to 2.2.0, update to version 2.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Spooler component to minimize the risk of exploitation.

Fix

Resource Exhaustion


Weakness Enumeration

Related Identifiers

CVE-2004-2650
GHSA-92J7-34X9-F3JW

Affected Products

Apache James