An issue was discovered in the POP3 component of Courier Mail Server before 1.1.5. Meddler-in-the-middle attackers can pipeline commands after the POP3 STLS command, injecting plaintext commands into an encrypted user session.
CPE | Name | Operator | Version |
---|---|---|---|
courier_mail_server | lt | 1.1.5 |