← Back

James Server

james_server

Vendor: Apache • 4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-45626
1Apache
1James Server
Feb 11, 2025
Feb 6, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
Apache James server JMAP HTML to text plain implementation in versions below 3.8.2 and 3.7.6 is subject to unbounded memory consumption that can result in a denial of service. Users are recommended to upgrade to version...Show more
Apache James server JMAP HTML to text plain implementation in versions below 3.8.2 and 3.7.6 is subject to unbounded memory consumption that can result in a denial of service. Users are recommended to upgrade to version 3.7.6 and 3.8.2, which fix this issue.Show less
CVE-2024-37358
1Apache
1James Server
Sep 29, 2025
Feb 6, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
Similarly to CVE-2024-34055, Apache James is vulnerable to denial of service through the abuse of IMAP literals from both authenticated and unauthenticated users, which could be used to cause unbounded memory allocation...Show more
Similarly to CVE-2024-34055, Apache James is vulnerable to denial of service through the abuse of IMAP literals from both authenticated and unauthenticated users, which could be used to cause unbounded memory allocation and very long computations Version 3.7.6 and 3.8.2 restrict such illegitimate use of IMAP literals.Show less
CVE-2017-12628
1Apache
1James Server
May 13, 2026
Oct 20, 2017
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
The JMX server embedded in Apache James, also used by the command line client is exposed to a java de-serialization issue, and thus can be used to execute arbitrary commands. As James exposes JMX socket by default only o...Show more
The JMX server embedded in Apache James, also used by the command line client is exposed to a java de-serialization issue, and thus can be used to execute arbitrary commands. As James exposes JMX socket by default only on local-host, this vulnerability can only be used for privilege escalation. Release 3.0.1 upgrades the incriminated library.Show less
CVE-2015-7611
1Apache
1James Server
May 6, 2026
Jun 7, 2016
N/A· v4
8.1 HIGH· v3
9.3 HIGH· v2
Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors.