Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

Ipswitch IMail Server STARTTLS Plaintext Command Injection Vulnerability

Severity

Medium

Family

SMTP problems

CVSSv2 Base

6.8

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Solution Type

Vendor Patch

Created

13 years ago

Modified

5 years ago

The host is running Ipswitch IMail Server and is prone to plaintext command injection vulnerability.

Insight

This flaw is caused by an error within the 'STARTTLS' implementation where the switch from plaintext to TLS is implemented below the application's I/O buffering layer, which could allow attackers to inject commands during the plaintext phase of the protocol via man-in-the-middle attacks.

Affected Software

Ipswitch IMail versions 11.03 and Prior.

Solution

Upgrade to Ipswitch IMail version 11.5 or later.

Common Vulnerabilities and Exposures (CVE)

CVE-2011-1430

Free and open-source vulnerability scanner

Available for macOS, Windows, and Linux

Ipswitch IMail Server STARTTLS Plaintext Command Injection Vulnerability

Severity

Family

CVSSv2 Base

CVSSv2 Vector

Solution Type

Created

Modified

Share

Insight

Affected Software

Solution

Common Vulnerabilities and Exposures (CVE)

References

Free and open-source vulnerability scanner

Available for macOS, Windows, and Linux

Ipswitch IMail Server STARTTLS Plaintext Command Injection Vulnerability

Information

Severity

Severity

Family

Family

CVSSv2 Base

CVSSv2 Base

CVSSv2 Vector

CVSSv2 Vector

Solution Type

Solution Type

Created

Created

Modified

Modified

Share

Summary

Insight

Insight

Affected Software

Affected Software

Solution

Solution

Common Vulnerabilities and Exposures (CVE)

References