[JAMES-2198] Fix CVE-2017-12628: Upgrade commons-collection - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: master
Fix Version/s: master
Component/s: James Core, JMX
Labels:
- easy-fix
- security

Description

It fixes vulnerability described in CVE-2017-12628. The JMX server, also
used by the command line client is exposed to a java de-serialization
issue, and thus can be used to execute arbitrary commands. As James
exposes JMX socket by default only on local-host, this vulnerability can
only be used for privilege escalation.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Benoit Tellier

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 20/Oct/17 08:15

Updated:: 29/Jan/18 03:36

Resolved:: 29/Jan/18 03:36