Tellier Benoit created JAMES-2198:
-------------------------------------
Summary: Fix CVE-2017-12628: Upgrade commons-collection
Key: JAMES-2198
URL: https://issues.apache.org/jira/browse/JAMES-2198
Project: James Server
Issue Type: Improvement
Components: James Core, JMX
Affects Versions: master
Reporter: Tellier Benoit
Fix For: master

It fixes the vulnerability described in CVE-2017-12628. The JMX server, also
used by the command line client, is exposed to a Java deserialization
issue, and thus can be used to execute arbitrary commands. As James
exposes the JMX socket by default only on localhost, this vulnerability can
only be used for privilege escalation.