CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2011-1432

The STARTTLS implementation in SCO SCOoffice Server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.077

EPSS Ranking 91.4%

CVSS Severity

CVSS v2 Score 6.8

References

http://www.kb.cert.org/vuls/id/555316
http://www.kb.cert.org/vuls/id/MAPG-8D9M6A
http://www.securityfocus.com/bid/46767
http://www.vupen.com/english/advisories/2011/0613
https://exchange.xforce.ibmcloud.com/vulnerabilities/65932
http://www.kb.cert.org/vuls/id/555316
http://www.kb.cert.org/vuls/id/MAPG-8D9M6A
http://www.securityfocus.com/bid/46767
http://www.vupen.com/english/advisories/2011/0613
https://exchange.xforce.ibmcloud.com/vulnerabilities/65932

Products affected by CVE-2011-1432

Sco » Scoofficeserver » Version: Any

cpe:2.3:a:sco:scoofficeserver:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2011-1432

Products

Pricing

Contact Us