ID

VAR-202502-0638


CVE

CVE-2024-37358


TITLE

Input validation vulnerability in Apache James from the Apache Software Foundation

Trust: 0.8

sources: JVNDB: JVNDB-2024-026240

DESCRIPTION

Similarly to CVE-2024-34055, Apache James is vulnerable to denial of service through the abuse of IMAP literals from both authenticated and unauthenticated users, which could be used to cause unbounded memory allocation and very long computations. Versions 3.7.6 and 3.8.2 restrict such illegitimate use of IMAP literals. Apache James from the Apache Software Foundation contains an input validation vulnerability and an allocation of resources without limits or throttling vulnerability. The service may be put into a denial-of-service (DoS) state.

Trust: 1.62

sources: NVD: CVE-2024-37358 // JVNDB: JVNDB-2024-026240

AFFECTED PRODUCTS

vendor: apache, model: james server, scope: lt, version: 3.7.6

Trust: 1.0

vendor: apache, model: james server, scope: gte, version: 3.8.0

Trust: 1.0

vendor: apache, model: james server, scope: lt, version: 3.8.2

Trust: 1.0

vendor: apache, model: james, scope: -, version: -

Trust: 0.8

vendor: apache, model: james, scope: eq, version: 3.7.6

Trust: 0.8

vendor: apache, model: james, scope: eq, version: 3.8.0 that's all 3.8.2

Trust: 0.8

vendor: apache, model: james, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-026240 // NVD: CVE-2024-37358

CVSS

SEVERITY

CVSSV2

CVSSV3

security@apache.org: CVE-2024-37358
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2024-37358
value: HIGH

Trust: 1.0

NVD: CVE-2024-37358
value: HIGH

Trust: 0.8

security@apache.org: CVE-2024-37358
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2024-37358
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2024-37358
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-026240 // NVD: CVE-2024-37358 // NVD: CVE-2024-37358

PROBLEMTYPE DATA

problemtype: CWE-770

Trust: 1.0

problemtype: Improper input validation (CWE-20) [others]

Trust: 0.8

problemtype: Allocation of resources without limits or throttling (CWE-770) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2024-026240 // NVD: CVE-2024-37358

EXTERNAL IDS

db: NVD, id: CVE-2024-37358

Trust: 2.6

db: JVNDB, id: JVNDB-2024-026240

Trust: 0.8

sources: JVNDB: JVNDB-2024-026240 // NVD: CVE-2024-37358

REFERENCES

url:https://lists.apache.org/thread/1pxsh11v5s3fkvhnqvkmlqwt3fgpcrqc

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-37358

Trust: 0.8

sources: JVNDB: JVNDB-2024-026240 // NVD: CVE-2024-37358

SOURCES

db: JVNDB, id: JVNDB-2024-026240
db: NVD, id: CVE-2024-37358

LAST UPDATE DATE

2025-09-01T23:44:17.969000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2024-026240, date: 2025-07-17T05:12:00
db: NVD, id: CVE-2024-37358, date: 2025-09-01T10:15:30.703

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2024-026240, date: 2025-07-17T00:00:00
db: NVD, id: CVE-2024-37358, date: 2025-02-06T12:15:26.343