CVE-2011-1430
16.03.2011, 22:55
The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.Enginsight
| Vendor | Product | Version |
|---|---|---|
| ipswitch | imail | 𝑥 ≤ 11.03 |
| ipswitch | imail | 5.0 |
| ipswitch | imail | 5.0.5 |
| ipswitch | imail | 5.0.6 |
| ipswitch | imail | 5.0.7 |
| ipswitch | imail | 5.0.8 |
| ipswitch | imail | 6.00 |
| ipswitch | imail | 6.0 |
| ipswitch | imail | 6.0.1 |
| ipswitch | imail | 6.0.2 |
| ipswitch | imail | 6.0.3 |
| ipswitch | imail | 6.0.4 |
| ipswitch | imail | 6.0.5 |
| ipswitch | imail | 6.0.6 |
| ipswitch | imail | 6.1 |
| ipswitch | imail | 6.2 |
| ipswitch | imail | 6.3 |
| ipswitch | imail | 6.4 |
| ipswitch | imail | 6.06 |
| ipswitch | imail | 7.0.1 |
| ipswitch | imail | 7.0.2 |
| ipswitch | imail | 7.0.3 |
| ipswitch | imail | 7.0.4 |
| ipswitch | imail | 7.0.5 |
| ipswitch | imail | 7.0.6 |
| ipswitch | imail | 7.0.7 |
| ipswitch | imail | 7.1 |
| ipswitch | imail | 7.12 |
| ipswitch | imail | 8.0.3 |
| ipswitch | imail | 8.0.5 |
| ipswitch | imail | 8.1 |
| ipswitch | imail | 8.01 |
| ipswitch | imail | 8.11 |
| ipswitch | imail | 8.12 |
| ipswitch | imail | 8.13 |
| ipswitch | imail | 8.22 |
| ipswitch | imail | 10.01 |
| ipswitch | imail | 10.02 |
| ipswitch | imail | 11.01 |
| ipswitch | imail | 11.02 |
| ipswitch | imail | 2006.1 |
| ipswitch | imail | 2006.2 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References