Описание
In s/qmail through 4.0.07, an active MitM can inject arbitrary plaintext commands into a STARTTLS encrypted session between an SMTP client and s/qmail. This allows e-mail messages and user credentials to be sent to the MitM attacker.
Ссылки
- Technical DescriptionThird Party Advisory
- PatchRelease NotesVendor Advisory
- Technical DescriptionThird Party Advisory
- PatchRelease NotesVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.0.07 (включая)
cpe:2.3:a:fehcom:s\/qmail:*:*:*:*:*:*:*:*
EPSS
Процентиль: 55%
0.00322
Низкий
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-77
Связанные уязвимости
github
больше 3 лет назад
In s/qmail through 4.0.07, an active MitM can inject arbitrary plaintext commands into a STARTTLS encrypted session between an SMTP client and s/qmail. This allows e-mail messages and user credentials to be sent to the MitM attacker.
EPSS
Процентиль: 55%
0.00322
Низкий
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-77