CVE-2017-9801

HIGH

Apache Commons Email <1.5 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2017-9801. PoCs published by dawetmaster, andikahilmy.

AI-analyzed exploit summary This repository contains a vulnerable version of Apache Commons Email, specifically targeting CVE-2017-9801. The code includes the full source of the vulnerable library, allowing for exploitation of the deserialization vulnerability in the `ByteArrayDataSource` class.

Description

When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitrary SMTP headers.

Exploits (2)

nomisec WORKING POC

by dawetmaster · poc

https://github.com/dawetmaster/CVE-2017-9801-commons-email-vulnerable

View Code ZIP pw:eip

This repository contains a vulnerable version of Apache Commons Email, specifically targeting CVE-2017-9801. The code includes the full source of the vulnerable library, allowing for exploitation of the deserialization vulnerability in the `ByteArrayDataSource` class.

Classification

Working Poc 90%

Attack Type

Deserialization

Complexity

Moderate

Reliability

Reliable

Target: Apache Commons Email (versions before 1.5)

No auth needed

Prerequisites: Java environment · vulnerable version of Apache Commons Email

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Mar 14, 2026 Full analysis →

nomisec WRITEUP

by andikahilmy · poc

https://github.com/andikahilmy/CVE-2017-9801-commons-email-vulnerable

View Code ZIP pw:eip

This repository contains the vulnerable source code of Apache Commons Email, specifically the version affected by CVE-2017-9801. It includes the full project structure but does not provide an exploit or detailed analysis of the vulnerability itself.

Classification

Writeup 90%

Attack Type

Other

Complexity

Moderate

Reliability

Theoretical

Target: Apache Commons Email (vulnerable version)

No auth needed

Prerequisites: Access to a vulnerable version of Apache Commons Email

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Mailing List mailing-list x_refsource_mlist

https://lists.apache.org/thread.html/7ef903a772a2ff08605df1be819044fb15df2815eb3d63878b3fbbb5%40%3Cannounce.apache.org%3E

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1039043

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/100082

Scores

CVSS v3 7.5

EPSS 0.0132

EPSS Percentile 80.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-20

Status published

Products (10)

apache/commons_email 1.0

apache/commons_email 1.1

apache/commons_email 1.2

apache/commons_email 1.3

apache/commons_email 1.3.1

apache/commons_email 1.3.2

apache/commons_email 1.3.3

apache/commons_email 1.4

Apache Software Foundation/Apache Commons Email 1.0 to 1.4

org.apache.commons/commons-email 1.0 - 1.5Maven

Published Aug 07, 2017

Tracked Since Feb 18, 2026