References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Known Affected Software Configurations Switch to CPE 2.2

Change History

Apache Software Foundation CWE-668

Apache Software Foundation CWE-319

CWE-319 / More specific CWE option available

Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions.

Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. 

Vulnerable components includes the SMTP stack and IMAP APPEND command.

This issue affects Apache James server version 3.7.2 and prior versions.

NIST CWE-668

NIST CWE-319

Apache Software Foundation CWE-319

Apache Software Foundation CWE-200

CWE-200 / More specific CWE option available

OR
     *cpe:2.3:a:apache:james:*:*:*:*:*:*:*:* versions up to (including) 3.7.2

NIST AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

NIST CWE-319

https://lists.apache.org/thread/j61fo8xc1rxtofrn8vc33whx35s9cj1d No Types Assigned

https://lists.apache.org/thread/j61fo8xc1rxtofrn8vc33whx35s9cj1d Mailing List, Vendor Advisory