Apache James < 2.2.1 Spooler retrieve Function DoS
Medium Nessus Network Monitor Plugin ID 3320
SynopsisThe remote host is vulnerable to a Denial of Service (DoS) attack.
DescriptionThe remote host is running the Apache James software, a Java-based POP3, SMTP, and NNTP server. This version of JAMES is vulnerable to a flaw in the way that the spooler handles malformed messages. An attacker exploiting this flaw would need to be able to send multiple malformed emails to the server. Successful exploitation would result in the JAMES server depleting all system resources and eventually crashing.
SolutionUpgrade to version 2.2.1 or higher.