CVE-2024-21742
Apache James Mime4J: Mime4J DOM header injection
Severity Score
5.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message.
This can be exploited by an attacker to add unintended headers to MIME messages.
La validación de entrada incorrecta permite la inyección de encabezado en la librería MIME4J cuando se usa MIME4J DOM para redactar mensajes. Un atacante puede aprovechar esto para agregar encabezados no deseados a los mensajes MIME.
Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages.
*Credits:
Benoit TELLIER
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-01-02 CVE Reserved
- 2024-02-27 CVE Published
- 2025-05-06 CVE Updated
- 2025-07-31 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2024/02/27/5 |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://lists.apache.org/thread/nrqzg93219wdj056pqfszsd33dc54kfy | 2024-02-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apache Software Foundation Search vendor "Apache Software Foundation" | Apache James Mime4J Search vendor "Apache Software Foundation" for product "Apache James Mime4J" | <= 0.8.9 Search vendor "Apache Software Foundation" for product "Apache James Mime4J" and version " <= 0.8.9" | en |
Affected
| ||||||