Summary
The host is running Ipswitch IMail Server and is prone to a plaintext command injection vulnerability.
Impact
Successful exploitation will allow an attacker to execute arbitrary commands in the context of the user running the application.
Impact Level: Application
Solution
Upgrade to Ipswitch IMail version 11.5 or later.
For updates refer to http://www.imailserver.com/
Insight
This flaw is caused by an error within the 'STARTTLS' implementation where the switch from plaintext to TLS is implemented below the application's I/O buffering layer, which could allow attackers to inject commands during the plaintext phase of the protocol via man-in-the-middle attacks.
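The buffering error described above, modelled as an added Python example (not Ipswitch code and not part of the original advisory): a server loop whose read buffer sits above the point where the transport is swapped to TLS, shown with and without discarding buffered bytes on STARTTLS. `FakeTransport`, `Session`, `demo` and the sample bytes are hypothetical and constructed for illustration.

```python
class FakeTransport:
    """Constructed stand-in for a socket: hands out preset chunks."""
    def __init__(self, chunks):
        self.chunks = list(chunks)
    def recv(self, _size):
        return self.chunks.pop(0) if self.chunks else b""


class Session:
    """Hypothetical SMTP-like server loop with an application-level read buffer."""
    def __init__(self, plain, tls, flush_on_starttls):
        self.transport, self.tls_transport = plain, tls
        self.flush_on_starttls = flush_on_starttls
        self.buf = b""
        self.encrypted = False

    def readline(self):
        while b"\r\n" not in self.buf:
            chunk = self.transport.recv(4096)
            if not chunk:
                return None
            self.buf += chunk
        line, _, self.buf = self.buf.partition(b"\r\n")
        return line

    def run(self):
        """Return (command, session_believed_encrypted) for each processed line."""
        log = []
        while (line := self.readline()) is not None:
            log.append((line.decode(), self.encrypted))
            if line.upper() == b"STARTTLS" and not self.encrypted:
                if self.flush_on_starttls:
                    self.buf = b""  # fix: drop bytes that arrived before the handshake
                self.transport = self.tls_transport  # switch happens below the buffer
                self.encrypted = True
            elif line.upper() == b"QUIT":
                break
        return log


def demo(flush_on_starttls):
    # Constructed input: one plaintext segment carries a command after STARTTLS.
    plain = FakeTransport([b"EHLO client.example\r\nSTARTTLS\r\nNOOP\r\n"])
    tls = FakeTransport([b"QUIT\r\n"])  # what the TLS peer actually sent
    return Session(plain, tls, flush_on_starttls).run()


if __name__ == "__main__":
    print(demo(False), demo(True), sep="\n")
```

Without the flush, the `NOOP` that arrived in plaintext is processed after the session is marked encrypted; with the flush, only data read from the TLS transport is handled in the encrypted phase.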
Affected
Ipswitch IMail versions 11.03 and prior.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2011-1430
- CVSS Base Score: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P