  1. James Server
  2. JAMES-2198

Fix CVE-2017-12628: Upgrade commons-collection

    Details

      Description

      It fixes the vulnerability described in CVE-2017-12628. The JMX server, also
      used by the command line client, is exposed to a Java deserialization
      issue, and thus can be used to execute arbitrary commands. As James
      exposes the JMX socket by default only on localhost, this vulnerability can
      only be used for privilege escalation.
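
The following is an added example, not part of the original issue or of the James code base: a check that flags commons-collections jars which predate the deserialization hardening, so an operator can confirm the upgrade actually reached the deployed classpath. It assumes standard Maven artifact file names; the thresholds (3.2.2 for the 3.x line, 4.1 for the 4.x line) come from the Apache Commons Collections releases, not from this issue, and the sample file names are constructed.

```python
import os
import re
import sys

# First release of each line in which the unsafe functor classes
# (InvokerTransformer and similar) can no longer be deserialized by default.
FIXED = {3: (3, 2, 2), 4: (4, 1)}

# Matches e.g. commons-collections-3.2.1.jar and commons-collections4-4.0.jar,
# tolerating a vendor or SNAPSHOT qualifier after the numeric version.
JAR_RE = re.compile(r"^commons-collections(?:4)?-(\d+(?:\.\d+)*)(?:[-.].*)?\.jar$")


def classify(jar_name):
    """Return (version, status) for a commons-collections jar, else None."""
    m = JAR_RE.match(os.path.basename(jar_name))
    if not m:
        return None
    version = tuple(int(p) for p in m.group(1).split("."))
    fixed = FIXED.get(version[0])
    if fixed is None:
        status = "review"  # outside the 3.x / 4.x lines, check by hand
    else:
        status = "vulnerable" if version < fixed else "fixed"
    return m.group(1), status


def audit(jar_names):
    """Classify every commons-collections jar in an iterable of file names."""
    return {n: c for n in jar_names if (c := classify(n)) is not None}


def scan(root):
    """Walk an installation directory (path supplied by the caller)."""
    found = [os.path.join(d, f) for d, _, fs in os.walk(root) for f in fs]
    return audit(found)


if __name__ == "__main__":
    # Constructed sample names; pass a real directory as argv[1] to scan it.
    sample = ["commons-collections-3.2.1.jar", "commons-collections4-4.1.jar",
              "example-app-1.0.jar"]
    results = scan(sys.argv[1]) if len(sys.argv) > 1 else audit(sample)
    for name, (version, status) in sorted(results.items()):
        print(f"{status:10} {version:8} {name}")
```

The check only sees jars by file name; a copy of the library shaded or bundled inside another archive is not detected.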

            People

            • Assignee:
              Unassigned
              Reporter:
              btellier Benoit Tellier