Re: [exim-dev] CVE-2021-38371 (allows response injection dur…

Author: Jeremy Harris
Date:  
To: exim-dev
Subject: Re: [exim-dev] CVE-2021-38371 (allows response injection during MTA SMTP sending)
On 04/01/2022 11:11, Harry Mills via Exim-dev wrote:
> We have a PCI DSS compliance failure for CVE-2021-38371; the details page (linked from the mitre.org site) gives a 404 and we cannot find any other details on what this CVE refers to, or whether or not a fix is available.
>
> We are running exim 4.94.2-2 from EPEL on CentOS 8.
>
> Any information would be very welcome.


https://nostarttls.secvuln.info/ claims Exim is vulnerable, and that this
was reported to us. However, I'm not aware of any such report nor evidence.

You could try the test tool linked from that page.
--
Cheers,
Jeremy