The STARTTLS implementation in the server in Ipswitch IMail 11.03 and previous versions does not properly restrict I/O buffering, which allows man-in-the-middle malicious users to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
ipswitch imail 8.22 |
||
ipswitch imail 8.11 |
||
ipswitch imail 6.1 |
||
ipswitch imail 6.0.2 |
||
ipswitch imail 6.0 |
||
ipswitch imail 6.0.1 |
||
ipswitch imail 7.0.5 |
||
ipswitch imail 7.0.2 |
||
ipswitch imail 7.0.3 |
||
ipswitch imail 8.0.3 |
||
ipswitch imail 8.0.5 |
||
ipswitch imail 11 |
||
ipswitch imail 10.02 |
||
ipswitch imail 6.00 |
||
ipswitch imail 6.06 |
||
ipswitch imail 2006.1 |
||
ipswitch imail 5.0.8 |
||
ipswitch imail 5.0.5 |
||
ipswitch imail 7.0.4 |
||
ipswitch imail 8.1 |
||
ipswitch imail 8.12 |
||
ipswitch imail 11.02 |
||
ipswitch imail 11.01 |
||
ipswitch imail 6.2 |
||
ipswitch imail 6.3 |
||
ipswitch imail 6.4 |
||
ipswitch imail 6.0.3 |
||
ipswitch imail 6.0.4 |
||
ipswitch imail 2006.2 |
||
ipswitch imail 5.0 |
||
ipswitch imail 7.1 |
||
ipswitch imail 7.12 |
||
ipswitch imail 8.13 |
||
ipswitch imail server_8.2_hotfix_2 |
||
ipswitch imail 10.01 |
||
ipswitch imail 10 |
||
ipswitch imail 7.0.1 |
||
ipswitch imail 6.0.6 |
||
ipswitch imail 6.0.5 |
||
ipswitch imail 5.0.7 |
||
ipswitch imail 2006 |
||
ipswitch imail 5.0.6 |
||
ipswitch imail 7.0.6 |
||
ipswitch imail 7.0.7 |
||
ipswitch imail |
||
ipswitch imail 8.01 |
Vulmon