CVE-2011-1432
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The STARTTLS implementation in SCO SCOoffice Server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
La aplicación STARTTLS en SCO SCOoffice Server no restringe el búfer I/O de forma adecuada, lo que permite a los atacantes "man-in-the-middle insertar comandos en las sesiones SMTP cifrado mediante el envío de un comando de texto plano que se procesa después de que TLS está en su lugar, relacionado con un ataque "inyección de de comando en texto claro", un problema similar a CVE -2011- 0411.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2011-03-16 CVE Reserved
- 2011-03-16 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
http://www.kb.cert.org/vuls/id/555316 | Third Party Advisory | |
http://www.kb.cert.org/vuls/id/MAPG-8D9M6A | Us Government Resource | |
http://www.securityfocus.com/bid/46767 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/65932 | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.vupen.com/english/advisories/2011/0613 | 2017-08-17 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Sco Search vendor "Sco" | Scoofficeserver Search vendor "Sco" for product "Scoofficeserver" | * | - |
Affected
|