###################################################################### CVE-2016-4460: Apache Pony Mail (Incubating) disclosure vulnerability
Severity: Moderate
Vendor: The Apache Software Foundation
Versions affected: 0.6c through 0.8b
Description:
A flaw was discovered in the access, authentication & authorization
mechanism whereby a user with sufficient knowledge of a private email
could access it without first needing to authenticate.
Mitigation:
There are three ways to mitigate the vulnerability:
- Users may upgrade to 0.9 OR
- Users may check out the latest source from git OR
- Users may apply the following patch: https://s.apache.org/PlE5
Credit:
The vulnerability was discovered by a member of the Apache Software
Foundation.
######################################################################
signature.asc
Description: OpenPGP digital signature
