PT-2016-3818 · Apache · Apache James Server

Jakub Palaczynski

Published

2016-06-07

Updated

2022-05-14

CVE-2015-7611

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Apache James Server version 2.3.2

Description The issue allows attackers to execute arbitrary system commands when the Apache James Server is configured with file-based user repositories.

Recommendations For Apache James Server version 2.3.2, consider disabling file-based user repositories until a patch is available. Restrict access to sensitive system commands to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2015-7611

GHSA-CGVF-22VV-83H5

Affected Products

Apache James Server

PT-2016-3818 · Apache · Apache James Server

CVE-2015-7611

Weakness Enumeration

Related Identifiers

Affected Products

References · 11