8 matches found
us.dorama.info Cross Site Scripting vulnerability OBB-3902031
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
nginx Information Disclosure Vulnerability (CVE-2014-3556)
nginx is prone to an information disclosure vulnerability in the SMTP proxy. Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...
CVE-2014-3556
The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command...
CVE-2014-3556
The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command...
CVE-2014-3556
The CVE-2014-3556 entry affects nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4. The STARTTLS implementation in mail/ngx_mail_smtp_handler.c allows an MITM to inject commands into encrypted SMTP sessions by sending a cleartext command after TLS is established, due to insufficient I/O bu...
STARTTLS command injection
STARTTLS command injection Severity: medium CVE-2014-3556 Not vulnerable: 1.7.4+, 1.6.1+ Vulnerable: 1.5.6-1.7.3...
Security fix for the ALT Linux 9 package nginx version 1.6.1-alt1
Aug. 6, 2014 Denis Smirnov 1.6.1-alt1 - 1.6.1 - CVE-2014-3556...
nginx -- inject commands into SSL session vulnerability
The nginx project reports: Security: pipelined commands were not discarded after STARTTLS command in SMTP proxy (CVE-2014-3556); the bug had appeared in 1.5.6...