Miggo Logo
Miggo Vulnerability Database
CVE-2015-7611

CVE-2015-7611: Apache James Server OS Command Injection

8.1

CVSS Score
3.0

Basic Information

CVE ID
CVE-2015-7611
GHSA ID
GHSA-cgvf-22vv-83h5
EPSS Score
0.98889%
CWE
CWE-78
Published
5/14/2022
Updated
8/2/2023
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
org.apache.james:james-servermaven< 2.3.2.12.3.2.1

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability manifests in file-based user repository implementations during user creation. While no patch diffs are available, the CWE-78 classification and Apache's mitigation advice indicate: 1) User input flows into OS command execution 2) File-based repositories are specifically implicated. The UsersFileRepository and its parent AbstractUsersRepository are the core components handling user management in this configuration. The medium confidence reflects educated inference based on vulnerability type and component architecture without direct patch evidence.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*p**** J*m*s S*rv*r *.*.*, w**n *on*i*ur** wit* *il*-**s** us*r r*positori*s, *llows *tt**k*rs to *x**ut* *r*itr*ry syst*m *omm*n*s vi* unsp**i*i** v**tors.

Reasoning

T** vuln*r**ility m*ni**sts in *il*-**s** us*r r*pository impl*m*nt*tions *urin* us*r *r**tion. W*il* no p*t** *i**s *r* *v*il**l*, t** *W*-** *l*ssi*i**tion *n* *p****'s miti**tion **vi** in*i**t*: *) Us*r input *lows into OS *omm*n* *x**ution *) *i