CVE-2017-9801

{"id": "CVE-2017-9801", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2017-08-07T15:29:00.517", "references": [{"url": "http://www.securityfocus.com/bid/100082", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@apache.org"}, {"url": "http://www.securitytracker.com/id/1039043", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/7ef903a772a2ff08605df1be819044fb15df2815eb3d63878b3fbbb5%40%3Cannounce.apache.org%3E", "source": "security@apache.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitrary SMTP headers."}, {"lang": "es", "value": "Cuando un sitio de llamada pasa un asunto para un email que contiene saltos de l\u00ednea en Apache Commons Email 1.0 en su versi\u00f3n 1.4, el autor de la llamada puede a\u00f1adir encabezados SMTP arbitrarios."}], "lastModified": "2023-11-07T02:50:53.410", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:commons_email:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30F19A6E-9804-46E5-BB19-D68FD7151A08"}, {"criteria": "cpe:2.3:a:apache:commons_email:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4F3451B-7369-45FA-AAA7-BD5DFF71595B"}, {"criteria": "cpe:2.3:a:apache:commons_email:1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46162757-2BEB-4AE3-8C87-72605B9EF048"}, {"criteria": "cpe:2.3:a:apache:commons_email:1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7771B984-C576-4E86-8A33-A6C0D87ABE42"}, {"criteria": "cpe:2.3:a:apache:commons_email:1.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58C4BCC5-676C-4CEC-9917-16ACF9E4CB0C"}, {"criteria": "cpe:2.3:a:apache:commons_email:1.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ECF0651E-705F-4E15-A4C2-FA074002858C"}, {"criteria": "cpe:2.3:a:apache:commons_email:1.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C31A98B-BBC5-4F26-B60F-399AFFA58C1F"}, {"criteria": "cpe:2.3:a:apache:commons_email:1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8D2181B-15C0-4FDD-A881-AE400841B20A"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}