Re: [exim-dev] CVE-2021-38371 (allows response injection dur…

トップ ページ
このメッセージを削除
このメッセージに返信
著者: Jeremy Harris
日付:  
To: exim-dev
題目: Re: [exim-dev] CVE-2021-38371 (allows response injection during MTA SMTP sending)
On 04/01/2022 11:11, Harry Mills via Exim-dev wrote:
> We have a PCI DSS compliance failure for CVE-2021-38371, the details page (linked from mitre.org site) gives a 404 and we cannot find any other details on what this CVE refers to, or whether or not a fix is available.
>
> We are running exim 4.94.2-2 from EPEL on Centos8.
>
> Any information would be very welcome.


https://nostarttls.secvuln.info/ claims Exim is vulnerable, and that this
was reported to us. However, I'm not aware of any such report nor evidence.

You could try the test tool linked from that page.
--
Cheers,
Jeremy