Re: [exim-dev] CVE-2021-38371 (allows response injection dur…

Etusivu
Poista viesti
Vastaa
Lähettäjä: Jeremy Harris
Päiväys:  
Vastaanottaja: exim-dev
Aihe: Re: [exim-dev] CVE-2021-38371 (allows response injection during MTA SMTP sending)
On 04/01/2022 11:11, Harry Mills via Exim-dev wrote:
> We have a PCI DSS compliance failure for CVE-2021-38371, the details page (linked from mitre.org site) gives a 404 and we cannot find any other details on what this CVE refers to, or whether or not a fix is available.
>
> We are running exim 4.94.2-2 from EPEL on Centos8.
>
> Any information would be very welcome.


https://nostarttls.secvuln.info/ claims Exim is vulnerable, and that this
was reported to us. However, I'm not aware of any such report nor evidence.

You could try the test tool linked from that page.
--
Cheers,
Jeremy