Lucene search

K
nvd[email protected]NVD:CVE-2011-1926
HistoryMay 23, 2011 - 10:55 p.m.

CVE-2011-1926

2011-05-2322:55:01
CWE-264
web.nvd.nist.gov
7

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

6.5

Confidence

Low

EPSS

0.011

Percentile

84.8%

The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a “plaintext command injection” attack, a similar issue to CVE-2011-0411.

Affected configurations

Nvd
Node
cmucyrus_imap_serverRange2.4.6
OR
cmucyrus_imap_serverMatch2.0.17
OR
cmucyrus_imap_serverMatch2.1.16
OR
cmucyrus_imap_serverMatch2.1.17
OR
cmucyrus_imap_serverMatch2.1.18
OR
cmucyrus_imap_serverMatch2.2.8
OR
cmucyrus_imap_serverMatch2.2.9
OR
cmucyrus_imap_serverMatch2.2.10
OR
cmucyrus_imap_serverMatch2.2.11
OR
cmucyrus_imap_serverMatch2.2.12
OR
cmucyrus_imap_serverMatch2.2.13
OR
cmucyrus_imap_serverMatch2.2.13p1
OR
cmucyrus_imap_serverMatch2.3.0
OR
cmucyrus_imap_serverMatch2.3.1
OR
cmucyrus_imap_serverMatch2.3.2
OR
cmucyrus_imap_serverMatch2.3.3
OR
cmucyrus_imap_serverMatch2.3.4
OR
cmucyrus_imap_serverMatch2.3.5
OR
cmucyrus_imap_serverMatch2.3.6
OR
cmucyrus_imap_serverMatch2.3.7
OR
cmucyrus_imap_serverMatch2.3.8
OR
cmucyrus_imap_serverMatch2.3.9
OR
cmucyrus_imap_serverMatch2.3.10
OR
cmucyrus_imap_serverMatch2.3.11
OR
cmucyrus_imap_serverMatch2.3.12
OR
cmucyrus_imap_serverMatch2.3.13
OR
cmucyrus_imap_serverMatch2.3.14
OR
cmucyrus_imap_serverMatch2.3.15
OR
cmucyrus_imap_serverMatch2.3.16
OR
cmucyrus_imap_serverMatch2.4.0
OR
cmucyrus_imap_serverMatch2.4.1
OR
cmucyrus_imap_serverMatch2.4.2
OR
cmucyrus_imap_serverMatch2.4.3
OR
cmucyrus_imap_serverMatch2.4.4
OR
cmucyrus_imap_serverMatch2.4.5
VendorProductVersionCPE
cmucyrus_imap_server*cpe:2.3:a:cmu:cyrus_imap_server:*:*:*:*:*:*:*:*
cmucyrus_imap_server2.0.17cpe:2.3:a:cmu:cyrus_imap_server:2.0.17:*:*:*:*:*:*:*
cmucyrus_imap_server2.1.16cpe:2.3:a:cmu:cyrus_imap_server:2.1.16:*:*:*:*:*:*:*
cmucyrus_imap_server2.1.17cpe:2.3:a:cmu:cyrus_imap_server:2.1.17:*:*:*:*:*:*:*
cmucyrus_imap_server2.1.18cpe:2.3:a:cmu:cyrus_imap_server:2.1.18:*:*:*:*:*:*:*
cmucyrus_imap_server2.2.8cpe:2.3:a:cmu:cyrus_imap_server:2.2.8:*:*:*:*:*:*:*
cmucyrus_imap_server2.2.9cpe:2.3:a:cmu:cyrus_imap_server:2.2.9:*:*:*:*:*:*:*
cmucyrus_imap_server2.2.10cpe:2.3:a:cmu:cyrus_imap_server:2.2.10:*:*:*:*:*:*:*
cmucyrus_imap_server2.2.11cpe:2.3:a:cmu:cyrus_imap_server:2.2.11:*:*:*:*:*:*:*
cmucyrus_imap_server2.2.12cpe:2.3:a:cmu:cyrus_imap_server:2.2.12:*:*:*:*:*:*:*
Rows per page:
1-10 of 351

References

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

6.5

Confidence

Low

EPSS

0.011

Percentile

84.8%