Apache James IMAP Literals Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in Apache James versions prior to 3.7.6 and 3.8.0 through 3.8.1. This vulnerability allows both authenticated and unauthenticated users to abuse IMAP literals, leading to unbounded memory allocation and prolonged computations. Versions 3.7.6 and 3.8.2 have addressed this issue by restricting improper use of IMAP literals.
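
The mitigation class described above (bounding a literal before any memory is set aside for it), as an added example that is not Apache James code and not the project's actual fix. The limits, the function name check_literal and the sample lines are assumptions made for illustration; the literal syntax is that of RFC 3501 and RFC 7888.

```python
import re

# Trailing literal announcement on an IMAP command line:
# "{N}" (synchronizing, RFC 3501) or "{N+}" (non-synchronizing, RFC 7888).
LITERAL_RE = re.compile(rb"\{(\d+)(\+?)\}\r?\n?\Z")

# Assumed limits for illustration; not values taken from Apache James.
MAX_LITERAL_PREAUTH = 1024            # bytes, before login
MAX_LITERAL_AUTH = 50 * 1024 * 1024   # bytes, after login (e.g. APPEND)
MAX_COMMAND_TOTAL = 64 * 1024 * 1024  # sum of literals within one command


def check_literal(line: bytes, authenticated: bool, used: int = 0):
    """Decide what to do with a command line before reading any literal data.

    Returns (action, size):
      ("none", 0)    the line announces no literal
      ("accept", n)  safe to read n bytes (stream them, do not pre-allocate)
      ("reject", n)  synchronizing literal too large: answer BAD, read nothing
      ("close", n)   non-synchronizing literal too large: the client is
                     already sending the data, so drop the connection
    `used` is the number of literal bytes already accepted for this command.
    """
    m = LITERAL_RE.search(line)
    if m is None:
        return ("none", 0)
    digits = m.group(1)
    refuse = "close" if m.group(2) == b"+" else "reject"
    if len(digits) > 10:              # absurd count: refuse without parsing it
        return (refuse, -1)
    size = int(digits)
    cap = MAX_LITERAL_AUTH if authenticated else MAX_LITERAL_PREAUTH
    if size > cap or used + size > MAX_COMMAND_TOTAL:
        return (refuse, size)
    return ("accept", size)


# Constructed sample lines (not captured traffic).
SAMPLES = [
    (b"a1 LOGIN {5}\r\n", False),
    (b"a1 LOGIN {2147483647+}\r\n", False),
    (b"a2 APPEND INBOX {4096}\r\n", True),
    (b"a3 NOOP\r\n", True),
]

if __name__ == "__main__":
    for line, authed in SAMPLES:
        print(line.strip(), authed, check_literal(line, authed))
```

The decision is made from the announced size alone, so an oversized literal is refused before a buffer of that size exists.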

Impact

Exploitation of this vulnerability can cause excessive memory usage and extended processing times, potentially leading to service degradation or unavailability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 2.5
exploitability: 7.6
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.