CVE-2023-51747

27.02.2024, 14:15

Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling.

A lenient behaviour in line delimiter handling might create a difference of interpretation between the sender and the receiver which can be exploited by an attacker to forge an SMTP envelop, allowing for instance to bypass SPF checks.

The patch implies enforcement of CRLF as a line delimiter as part of the DATA transaction.

We recommend James users to upgrade to non vulnerable versions.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.1 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
apache	CNA	---				---
CISA-ADP	ADP	7.1 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 40%

Vendor	Product	Version
apache	james	3.7.5
apache	james	3.8.1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

References

http://www.openwall.com/lists/oss-security/2024/02/27/4

https://lists.apache.org/thread/rxkwbkh9vgbl9rzx1fkllyk3krhgydko

https://postfix.org/smtp-smuggling.html

https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/

http://www.openwall.com/lists/oss-security/2024/02/27/4

https://lists.apache.org/thread/rxkwbkh9vgbl9rzx1fkllyk3krhgydko

https://postfix.org/smtp-smuggling.html

https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/