List:       oss-security
Subject:    [oss-security] CVE-2023-51518: Apache James server: Privilege escalation via JMX pre-authentication 
From:       Benoit Tellier <btellier () apache ! org>
Date:       2024-02-26 17:10:05
Message-ID: 860984fc-1094-4724-3ab9-d948a43d304b () apache ! org

Severity: low

Affected versions:

- Apache James server through 3.7.4
- Apache James server 3.8 through 3.8.0

Description:

Apache James prior to versions 3.7.5 and 3.8.0 exposes a JMX endpoint on
localhost subject to pre-authentication deserialisation of untrusted data.
Given a deserialisation gadget, this could be leveraged as part of an
exploit chain that could result in privilege escalation. Note that by
default the JMX endpoint is only bound locally.

We recommend that users:
  - Upgrade to a non-vulnerable Apache James version
  - Run Apache James isolated from other processes (docker - dedicated virtual machine)
  - If possible turn off JMX

Credit:

Mal Aware (reporter)
Arnout Engelen (analyst)

References:

https://james.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-51518
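
One way to check a deployment against the recommendations above, as an added example that is not part of the original advisory or of Apache James: it reads the text of a `jmx.properties` file and reports whether JMX is off, loopback-only, or bound to another address. The key names `jmx.enabled` and `jmx.address`, their defaults, and the sample contents are assumptions to verify against your James version.

```python
import ipaddress
import re

def parse_properties(text):
    """Parse the plain key=value subset of a Java .properties file."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue  # blank line or comment
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def is_loopback(host):
    """True only when the bind address is provably local."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False  # unresolved hostname: do not assume it is local

def audit_jmx(text):
    props = parse_properties(text)
    # Assumed defaults: JMX on and bound to localhost when the keys are absent.
    enabled = props.get("jmx.enabled", "true").lower() != "false"
    address = props.get("jmx.address", "127.0.0.1")
    if not enabled:
        return "ok: JMX disabled"
    if is_loopback(address):
        # Loopback still leaves the endpoint reachable by other local
        # processes, which is the privilege-escalation case in the advisory.
        return "review: JMX on loopback %s; isolate James or disable JMX" % address
    return "high: JMX bound to non-loopback address %s" % address

# Constructed sample configurations, not taken from a real deployment.
SAMPLES = {
    "disabled": "# JMX off\njmx.enabled = false\njmx.address=127.0.0.1\n",
    "default": "jmx.address=127.0.0.1\njmx.port=9999\n",
    "exposed": "jmx.address=0.0.0.0\njmx.port=9999\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, "->", audit_jmx(text))
```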
