漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
STARTTLS unencrypted commands injection
Vulnerability Description
aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle attack. Version 1.4.6 contains a patch for the issue.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
在可信数据中接受外来的不可信数据
Vulnerability Title
aiosmptd 安全漏洞
Vulnerability Description
aiosmtpd是基于 asyncio 的 SMTP 服务器。 aiosmptd 1.4.6之前版本存在安全漏洞,该漏洞源于存在STARTTLS 未加密命令注入的问题。
CVSS Information
N/A
Vulnerability Type
N/A