A flaw was found in Apache James Server: Apache James Server 2.3.2 has security issue that can let a user execute arbitrary system command for servers configured with file based user repositories. 2.3.2 users should upgrade to 2.3.2.1 to be downloaded from http://james.apache.org/download.cgi#Apache_James_Server References: http://seclists.org/oss-sec/2015/q3/655
Created apache-james-project tracking bugs for this issue: Affects: fedora-all [bug 1267939]
Is there CVE number available?
(In reply to Mikolaj Izdebski from comment #2) > Is there CVE number available? Not that I'm aware of. I assume one will be assigned per the posting on oss-sec (http://seclists.org/oss-sec/2015/q3/655).
(In reply to Martin Prpic from comment #3) > (In reply to Mikolaj Izdebski from comment #2) > > Is there CVE number available? > > Not that I'm aware of. I assume one will be assigned per the posting on > oss-sec (http://seclists.org/oss-sec/2015/q3/655). Ha, and right after I replied, I noticed MITRE assigned one :) http://seclists.org/oss-sec/2015/q4/0
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.