Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2022-28220

Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. Fix of CVE-2021-38542, which solved similar problem fron Apache James 3.6.1, is subject to a parser differential and do not take into account concurrent requests.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.7%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2022-28220
  • Apache » James » Version: N/A
    cpe:2.3:a:apache:james:-
  • Apache » James » Version: 2.2.0
    cpe:2.3:a:apache:james:2.2.0
  • Apache » James » Version: 3.3.0
    cpe:2.3:a:apache:james:3.3.0
  • Apache » James » Version: 3.4.0
    cpe:2.3:a:apache:james:3.4.0
  • Apache » James » Version: 3.6.1
    cpe:2.3:a:apache:james:3.6.1
  • Apache » James » Version: 3.6.2
    cpe:2.3:a:apache:james:3.6.2
  • Apache » James » Version: 3.7.0
    cpe:2.3:a:apache:james:3.7.0


Products
Pricing
Contact Us

Shodan ® - All rights reserved