CVE-2004-2650 — Apache James Denial of Service

Description

Spooler in Apache Foundation James before 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.

How to fix CVE-2004-2650

To remediate CVE-2004-2650, upgrade the affected package to a fixed version below.

Maven/org.apache.james:james-server—upgrade to 2.2.0 or later

Is CVE-2004-2650 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 2.2.0

References (4)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2004-2650
WEBissues.apache.org/jira/browse/JAMES-268
WEBjames.apache.org/changelog.html
WEBwww.securityfocus.com/bid/15765