Main Vulnerability Database Exploits ID:1481 - Exploit for Path traversal in Apache James - CVE-2015-7611

ID:1481 - Exploit for Path traversal in Apache James - CVE-2015-7611

Published: March 18, 2020

Vulnerability identifier: #VU25576

Vulnerability risk: Medium

CVE-ID: CVE-2015-7611

CWE-ID: CWE-22

Exploitation vector: Remote access

Vulnerable software:
Apache James

Link to public exploit:

https://www.rapid7.com/db/modules/exploit/linux/smtp/apache_james_exec

Vulnerability description

The vulnerability allows a remote authenticated user to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences within username when creating new user account in Apache James Remote Administration Tool. A remote authenticated user can send a specially crafted POP3 request to create a user with malicious username and then execute the code, stored in the username by sending an email to this particular recipient.

Remediation

Install update from vendor's website.

ID:1481 - Exploit for Path traversal in Apache James - CVE-2015-7611

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human