Details of VAR-202502-0101

ID

VAR-202502-0101

CVE

CVE-2024-45626

TITLE

Apache Software Foundation of Apache James Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2024-018726

DESCRIPTION

Apache James server JMAP HTML to text plain implementation in versions below 3.8.2 and 3.7.6 is subject to unbounded memory consumption that can result in a denial of service. Users are recommended to upgrade to version 3.7.6 and 3.8.2, which fix this issue. Apache Software Foundation of Apache James Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2024-45626 // JVNDB: JVNDB-2024-018726

AFFECTED PRODUCTS

vendor:	apache	model:	james server	scope:	gte	version:	3.8.0	Trust: 1.0
vendor:	apache	model:	james server	scope:	lt	version:	3.8.2	Trust: 1.0
vendor:	apache	model:	james server	scope:	lt	version:	3.7.6	Trust: 1.0
vendor:	apache	model:	james	scope:	eq	version:	3.7.6	Trust: 0.8
vendor:	apache	model:	james	scope:	eq	version:	-	Trust: 0.8
vendor:	apache	model:	james	scope:	-	version:	-	Trust: 0.8
vendor:	apache	model:	james	scope:	eq	version:	3.8.0 that's all 3.8.2	Trust: 0.8

sources: JVNDB: JVNDB-2024-018726 // NVD: CVE-2024-45626

CVSS

SEVERITY

CVSSV2

CVSSV3

security@apache.org:	CVE-2024-45626
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2024-45626
value:	HIGH
Trust: 1.0
NVD:	CVE-2024-45626
value:	HIGH
Trust: 0.8

security@apache.org:	CVE-2024-45626
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2024-45626
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2024-45626
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2024-018726 // NVD: CVE-2024-45626 // NVD: CVE-2024-45626

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-400	Trust: 1.0
problemtype:	Resource exhaustion (CWE-400) [ others ]	Trust: 0.8
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-018726 // NVD: CVE-2024-45626

EXTERNAL IDS

db:	NVD	id:	CVE-2024-45626	Trust: 2.6
db:	OPENWALL	id:	OSS-SECURITY/2025/02/05/7	Trust: 1.8
db:	JVNDB	id:	JVNDB-2024-018726	Trust: 0.8

sources: JVNDB: JVNDB-2024-018726 // NVD: CVE-2024-45626

REFERENCES

url:	https://lists.apache.org/thread/1fr9hvpsylomwwfr3rv82g84sxszn4kl	Trust: 1.8
url:	http://www.openwall.com/lists/oss-security/2025/02/05/7	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-45626	Trust: 0.8

sources: JVNDB: JVNDB-2024-018726 // NVD: CVE-2024-45626

SOURCES

db:	JVNDB	id:	JVNDB-2024-018726
db:	NVD	id:	CVE-2024-45626

LAST UPDATE DATE

2025-02-14T22:56:24.780000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2024-018726	date:	2025-02-12T07:04:00
db:	NVD	id:	CVE-2024-45626	date:	2025-02-11T16:12:04.307

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2024-018726	date:	2025-02-12T00:00:00
db:	NVD	id:	CVE-2024-45626	date:	2025-02-06T12:15:27.110