CVE-2021-38542

Apache James vulnerable to STARTTLS command injection (IMAP and POP3)

Description

Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in -the-middle command injection attacks, leading potentially to leakage of sensible information.

Remediation

Workaround:

We recommend to upgrade to Apache James 3.6.1, which fixes this vulnerability. Furthermore, we recommend, if possible to dis-activate STARTTLS and rely solely on explicit TLS for mail protocols, including SMTP, IMAP and POP3.

References

Link	Tags
https://www.openwall.com/lists/oss-security/2022/01/04/1	third party advisory mailing list
http://www.openwall.com/lists/oss-security/2022/01/04/1	third party advisory mailing list
http://www.openwall.com/lists/oss-security/2022/09/20/1	third party advisory mailing list

Frequently Asked Questions

What is the severity of CVE-2021-38542?: CVE-2021-38542 has been scored as a medium severity vulnerability.
How to fix CVE-2021-38542?: As a workaround for remediating CVE-2021-38542: We recommend to upgrade to Apache James 3.6.1, which fixes this vulnerability. Furthermore, we recommend, if possible to dis-activate STARTTLS and rely solely on explicit TLS for mail protocols, including SMTP, IMAP and POP3.
Is CVE-2021-38542 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2021-38542 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-38542?: CVE-2021-38542 affects Apache Software Foundation Apache James.

Description

Remediation

Categories

CWE-77 – Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-327 – Use of a Broken or Risky Cryptographic Algorithm

References

Frequently Asked Questions