CVE-2015-7611

HIGH

Apache James Server < 2.3.2.1 - OS Command Injection

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2015-7611. PoCs published by Metasploit, Palaczynski Jakub, Matthew Aberegg, Michael Burkey, including Metasploit module exploits/linux/smtp/apache_james_exec.

AI-analyzed exploit summary This Metasploit module exploits CVE-2015-7611 in Apache James Server 2.3.2 by creating a user with a directory traversal payload as the username, allowing arbitrary file writes to /etc/cron.d or /etc/bash_completion.d for remote code execution.

Description

Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotelinux

https://www.exploit-db.com/exploits/48130

View Code ZIP pw:eip

This Metasploit module exploits CVE-2015-7611 in Apache James Server 2.3.2 by creating a user with a directory traversal payload as the username, allowing arbitrary file writes to /etc/cron.d or /etc/bash_completion.d for remote code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Apache James Server 2.3.2

Auth required

Prerequisites: Valid credentials for James Remote Administration Tool · Network access to SMTP (port 25) and admin tool (port 4555)

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1053 - Scheduled Task/Job T1036 - Masquerading

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

by Palaczynski Jakub, Matthew Aberegg, Michael Burkey · rubypoclinux

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/smtp/apache_james_exec.rb