Re: [exim-dev] CVE-2021-38371 (allows response injection dur…

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMHarry Mills at <-
MJeremy Harris at ->
Delete this message
Reply to this message
Author: Jeremy Harris
Date:  
To: exim-dev
Subject: Re: [exim-dev] CVE-2021-38371 (allows response injection during MTA SMTP sending)
On 04/01/2022 11:11, Harry Mills via Exim-dev wrote:
> We have a PCI DSS compliance failure for CVE-2021-38371, the details page (linked from mitre.org site) gives a 404 and we cannot find any other details on what this CVE refers to, or whether or not a fix is available.
>
> We are running exim 4.94.2-2 from EPEL on Centos8.
>
> Any information would be very welcome.

https://nostarttls.secvuln.info/ claims Exim is vulnerable, and that this
was reported to us. However, I'm not aware of any such report nor evidence.

You could try the test tool linked from that page.
--
Cheers,
Jeremy

This message was posted to the following mailing lists:
Exim-dev
Mailing List Info | Nearby Messages		<-[exim-dev] CVE-2021-38371 (allows response injection during MTA SMTP sending)Re: [exim-dev] CVE-2021-38371 (allows response injection during MTA SMTP sending)->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)