An issue exists in the POP3 component of Courier Mail Server prior to 1.1.5. Meddler-in-the-middle attackers can pipeline commands after the POP3 STLS command, injecting plaintext commands into an encrypted user session.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
courier-mta courier mail server |