{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-04T20:05:59.927","vulnerabilities":[{"cve":{"id":"CVE-2017-9801","sourceIdentifier":"security@apache.org","published":"2017-08-07T15:29:00.517","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitrary SMTP headers."},{"lang":"es","value":"Cuando un sitio de llamada pasa un asunto para un email que contiene saltos de línea en Apache Commons Email 1.0 en su versión 1.4, el autor de la llamada puede añadir encabezados SMTP arbitrarios."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:commons_email:1.0:*:*:*:*:*:*:*","matchCriteriaId":"30F19A6E-9804-46E5-BB19-D68FD7151A08"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:commons_email:1.1:*:*:*:*:*:*:*","matchCriteriaId":"A4F3451B-7369-45FA-AAA7-BD5DFF71595B"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:commons_email:1.2:*:*:*:*:*:*:*","matchCriteriaId":"46162757-2BEB-4AE3-8C87-72605B9EF048"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:commons_email:1.3:*:*:*:*:*:*:*","matchCriteriaId":"7771B984-C576-4E86-8A33-A6C0D87ABE42"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:commons_email:1.3.1:*:*:*:*:*:*:*","matchCriteriaId":"58C4BCC5-676C-4CEC-9917-16ACF9E4CB0C"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:commons_email:1.3.2:*:*:*:*:*:*:*","matchCriteriaId":"ECF0651E-705F-4E15-A4C2-FA074002858C"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:commons_email:1.3.3:*:*:*:*:*:*:*","matchCriteriaId":"6C31A98B-BBC5-4F26-B60F-399AFFA58C1F"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:commons_email:1.4:*:*:*:*:*:*:*","matchCriteriaId":"D8D2181B-15C0-4FDD-A881-AE400841B20A"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/100082","source":"security@apache.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1039043","source":"security@apache.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://lists.apache.org/thread.html/7ef903a772a2ff08605df1be819044fb15df2815eb3d63878b3fbbb5%40%3Cannounce.apache.org%3E","source":"security@apache.org"},{"url":"http://www.securityfocus.com/bid/100082","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1039043","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://lists.apache.org/thread.html/7ef903a772a2ff08605df1be819044fb15df2815eb3d63878b3fbbb5%40%3Cannounce.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}