6.8
CVE-2011-1430
- EPSS 3.21%
- Veröffentlicht 16.03.2011 22:55:04
- Zuletzt bearbeitet 16.06.2026 23:29:20
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.21% | 0.865 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://www.kb.cert.org/vuls/id/555316
http://www.securityfocus.com/bid/46767
https://exchange.xforce.ibmcloud.com/vulnerabilities/65932
http://secunia.com/advisories/43676
http://www.kb.cert.org/vuls/id/MAPG-8DBRD4
http://www.osvdb.org/71020
http://www.vupen.com/english/advisories/2011/0609