Apache James Server JMAP Unbounded Memory Consumption Leading to Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the HTML-to-plain-text conversion implementation of Apache James Server JMAP, affecting versions from 3.8.0 before 3.8.2 and from 3.7.0 before 3.7.6. The vulnerability is caused by unbounded memory consumption, which can lead to service disruption.

Impact

Exploitation of this vulnerability causes unbounded memory consumption, leading to a denial-of-service condition where the server becomes unresponsive or unavailable.

Remediation

Users are advised to upgrade to Apache James Server version 3.7.6 or 3.8.2, both of which address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 2.5
exploitability: 5.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.