NVD

Id
8371  
Name
CVE-2011-1430  
Description
The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-07  
Published
2011-03-16  
Modified Date
2011-03-17  
Seq
2011-1430  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
47958 8371 CVE-2011-1430 VU#555316  View
47959 8371 CVE-2011-1430 http://www.kb.cert.org/vuls/id/MAPG-8DBRD4  View
47960 8371 CVE-2011-1430 46767  View
47961 8371 CVE-2011-1430 ADV-2011-0609  View
47962 8371 CVE-2011-1430 multiple-starttls-command-execution(65932)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
34151 JVNDB-2011-004393 Ipswitch IMail のSTARTTLS 実装における暗号化された SMTP セッションにコマンドを挿入される脆弱性 Ipswitch IMail のサーバの STARTTLS 実装は、I/O バッファリングを適切に制限しないため、暗号化された SMTP セッションにコマンドを挿入される脆弱性が存在します。 CVE-2011-1430 49337 CVE-2011-1430 8371 6.8 http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-004393.html 2011-03-16 2012-03-27 View