PT-2024-14283 · Apache · Apache James

·

CVE-2023-51747

·

Published

2024-02-27

·

Updated

2025-05-05

CVSS v3.1

7.1

High

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Name of the Vulnerable Software and Affected Versions Apache James versions prior to 3.8.1 and 3.7.5
Description A lenient behavior in line delimiter handling might create a difference of interpretation between the sender and the receiver, which can be exploited by an attacker to forge an SMTP envelope, allowing for instance to bypass SPF checks. The issue is related to the enforcement of CRLF as a line delimiter as part of the DATA transaction.
Recommendations For versions prior to 3.8.1, upgrade to version 3.8.1 or later. For versions prior to 3.7.5, upgrade to version 3.7.5 or later.

Exploit

Fix

RCE

HTTP Request/Response Smuggling

Authentication Bypass by Spoofing

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2023-51747
GHSA-P5Q9-86W4-2XR5

Affected Products

Apache James