Sign-up

ID

VAR-202201-0206


CVE

CVE-2021-40110


TITLE

Apache James  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-017532

DESCRIPTION

In Apache James, using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands to orchestrate a Denial Of Service using a vulnerable Regular expression. This affected Apache James prior to 3.6.1 We recommend upgrading to Apache James 3.6.1 or higher , which enforce the use of RE2J regular expression engine to execute regex in linear time without back-tracking. Apache James Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Apache James is an open source Smtp and Pop3 mail transfer agent and Nntp news server written entirely in Java by the Apache Foundation

Trust: 2.25

sources: NVD: CVE-2021-40110 // JVNDB: JVNDB-2021-017532 // CNVD: CNVD-2022-02755 // VULMON: CVE-2021-40110

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-02755

AFFECTED PRODUCTS

vendor:apachemodel:jamesscope:ltversion:3.6.1

Trust: 1.6

vendor:apachemodel:jamesscope:eqversion: -

Trust: 0.8

vendor:apachemodel:jamesscope:eqversion:3.6.1

Trust: 0.8

sources: CNVD: CNVD-2022-02755 // JVNDB: JVNDB-2021-017532 // NVD: CVE-2021-40110

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-40110
value: HIGH

Trust: 1.0

NVD: CVE-2021-40110
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-02755
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202201-084
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2021-40110
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2022-02755
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-40110
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-40110
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-02755 // JVNDB: JVNDB-2021-017532 // CNNVD: CNNVD-202201-084 // NVD: CVE-2021-40110

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-017532 // NVD: CVE-2021-40110

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202201-084

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202201-084

PATCH

title:Top Pageurl:https://www.apache.org/

Trust: 0.8

title:Patch for Apache James Denial of Service Vulnerability (CNVD-2022-02755)url:https://www.cnvd.org.cn/patchInfo/show/313136

Trust: 0.6

title:Apache James Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176870

Trust: 0.6

sources: CNVD: CNVD-2022-02755 // JVNDB: JVNDB-2021-017532 // CNNVD: CNNVD-202201-084

EXTERNAL IDS

db:NVDid:CVE-2021-40110

Trust: 3.9

db:OPENWALLid:OSS-SECURITY/2022/01/04/2

Trust: 3.1

db:JVNDBid:JVNDB-2021-017532

Trust: 0.8

db:CNVDid:CNVD-2022-02755

Trust: 0.6

db:CS-HELPid:SB2022010404

Trust: 0.6

db:CNNVDid:CNNVD-202201-084

Trust: 0.6

db:VULMONid:CVE-2021-40110

Trust: 0.1

sources: CNVD: CNVD-2022-02755 // VULMON: CVE-2021-40110 // JVNDB: JVNDB-2021-017532 // CNNVD: CNNVD-202201-084 // NVD: CVE-2021-40110

REFERENCES

url:https://www.openwall.com/lists/oss-security/2022/01/04/2

Trust: 4.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-40110

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2022010404

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-02755 // VULMON: CVE-2021-40110 // JVNDB: JVNDB-2021-017532 // CNNVD: CNNVD-202201-084 // NVD: CVE-2021-40110

SOURCES

db:CNVDid:CNVD-2022-02755
db:VULMONid:CVE-2021-40110
db:JVNDBid:JVNDB-2021-017532
db:CNNVDid:CNNVD-202201-084
db:NVDid:CVE-2021-40110

LAST UPDATE DATE

2024-11-23T22:05:04.289000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-02755date:2022-01-12T00:00:00
db:VULMONid:CVE-2021-40110date:2022-01-04T00:00:00
db:JVNDBid:JVNDB-2021-017532date:2023-01-24T07:25:00
db:CNNVDid:CNNVD-202201-084date:2022-01-13T00:00:00
db:NVDid:CVE-2021-40110date:2024-11-21T06:23:35.337

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-02755date:2022-01-12T00:00:00
db:VULMONid:CVE-2021-40110date:2022-01-04T00:00:00
db:JVNDBid:JVNDB-2021-017532date:2023-01-24T00:00:00
db:CNNVDid:CNNVD-202201-084date:2022-01-04T00:00:00
db:NVDid:CVE-2021-40110date:2022-01-04T09:15:07.327