CVE-2017-12628
N/A
N/A
Summary
The JMX server embedded in Apache James, also used by the command line client is exposed to a java de-serialization issue, and thus can be used to execute arbitrary commands. As James exposes JMX socket by default only on local-host, this vulnerability can only be used for privilege escalation. Release 3.0.1 upgrades the incriminated library.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apache Software Foundation | Apache James | 3.0.0 | affected |
Weaknesses
- Privilege escalation
ADP Enrichment
CVE Program Container
Additional References
- https://www.mail-archive.com/server-user%40james.apache.org/msg15633.html
- http://www.securityfocus.com/bid/101532
References
- https://www.mail-archive.com/server-user%40james.apache.org/msg15633.html
- http://www.securityfocus.com/bid/101532
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.