Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Ipswitch IMail Server STARTTLS实现明文命令注入漏洞
Vulnerability Description
Ipswitch IMail Server是美国Ipswitch公司的一款运行于Microsoft Windows操作系统中的邮件服务器。 Ipswitch IMail Server中的STARTTLS实现没有正确限制I/O缓冲。中间人攻击者可以在TLS处理到位后,通过发送明文命令向加密的SMTP会话注入命令。
CVSS Information
N/A
Vulnerability Type
N/A