6.8
CVE-2011-1506
- EPSS 2.47%
- Published 22.03.2011 17:55:04
- Last modified 16.06.2026 23:29:30
- Source cve@mitre.org
The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and MailServer 6.x does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. NOTE: some of these details are obtained from third party information.
Data provided by the National Vulnerability Database (NVD)
Kerio ≫ Kerio Mailserver Version 5.0
Kerio ≫ Kerio Mailserver Version 5.1
Kerio ≫ Kerio Mailserver Version 5.1.1
Kerio ≫ Kerio Mailserver Version 5.6.3
Kerio ≫ Kerio Mailserver Version 5.6.4
Kerio ≫ Kerio Mailserver Version 5.6.5
Kerio ≫ Kerio Mailserver Version 5.7.0
Kerio ≫ Kerio Mailserver Version 5.7.1
Kerio ≫ Kerio Mailserver Version 5.7.2
Kerio ≫ Kerio Mailserver Version 5.7.3
Kerio ≫ Kerio Mailserver Version 5.7.4
Kerio ≫ Kerio Mailserver Version 5.7.5
Kerio ≫ Kerio Mailserver Version 5.7.6
Kerio ≫ Kerio Mailserver Version 5.7.7
Kerio ≫ Kerio Mailserver Version 5.7.8
Kerio ≫ Kerio Mailserver Version 5.7.9
Kerio ≫ Kerio Mailserver Version 5.7.10
Kerio ≫ Kerio Mailserver Version 6.0
Kerio ≫ Kerio Mailserver Version 6.0.0
Kerio ≫ Kerio Mailserver Version 6.0.1
Kerio ≫ Kerio Mailserver Version 6.0.2
Kerio ≫ Kerio Mailserver Version 6.0.3
Kerio ≫ Kerio Mailserver Version 6.0.4
Kerio ≫ Kerio Mailserver Version 6.0.5
Kerio ≫ Kerio Mailserver Version 6.0.6
Kerio ≫ Kerio Mailserver Version 6.0.7
Kerio ≫ Kerio Mailserver Version 6.0.8
Kerio ≫ Kerio Mailserver Version 6.0.9
Kerio ≫ Kerio Mailserver Version 6.0.10
Kerio ≫ Kerio Mailserver Version 6.1.1
Kerio ≫ Kerio Mailserver Version 6.1.2
Kerio ≫ Kerio Mailserver Version 6.1.3
Kerio ≫ Kerio Mailserver Version 6.1.3_patch_1
Kerio ≫ Kerio Mailserver Version 6.1.4
Kerio ≫ Kerio Mailserver Version 6.2.0
Kerio ≫ Kerio Mailserver Version 6.2.1
Kerio ≫ Kerio Mailserver Version 6.2.2
Kerio ≫ Kerio Mailserver Version 6.3.0
Kerio ≫ Kerio Mailserver Version 6.3.1
Kerio ≫ Kerio Mailserver Version 6.3.1_p1
Kerio ≫ Kerio Mailserver Version 6.3.1_p2
Kerio ≫ Kerio Mailserver Version 6.4.0
Kerio ≫ Kerio Mailserver Version 6.4.1
Kerio ≫ Kerio Mailserver Version 6.4.2
Kerio ≫ Kerio Mailserver Version 6.5.0
Kerio ≫ Kerio Mailserver Version 6.5.0 Update patch_1
Kerio ≫ Kerio Mailserver Version 6.5.1
Kerio ≫ Kerio Mailserver Version 6.5.2
Kerio ≫ Kerio Mailserver Version 6.6.0
Kerio ≫ Kerio Mailserver Version 6.6.0 Update patch_1
Kerio ≫ Kerio Mailserver Version 6.6.1
Kerio ≫ Kerio Mailserver Version 6.6.2
Kerio ≫ Kerio Mailserver Version 6.7.0
Kerio ≫ Kerio Mailserver Version 6.7.1
Kerio ≫ Kerio Mailserver Version 6.7.2
Kerio ≫ Kerio Mailserver Version 6.7.3
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.47% | 0.824 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 | AV:N/AC:M/Au:N/C:P/I:P/A:P |
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://www.kb.cert.org/vuls/id/555316
http://www.securityfocus.com/bid/46767
https://exchange.xforce.ibmcloud.com/vulnerabilities/65932
http://secunia.com/advisories/43678
http://www.kb.cert.org/vuls/id/MAPG-8D9M4P
http://www.vupen.com/english/advisories/2011/0610